A “highly critical” vulnerability has been reported in the popular TikiWiki software. It can be exploited by malicious parties to compromise vulnerable systems.
Input passed via the “f” parameter to tiki-graph_formula.php is not properly verified before being used to execute PHP functions. This can be exploited to execute arbitrary PHP functions.
This vulnerability has been reported for version 1.9.8. Users or system administrators are urged to upgrade to version 126.96.36.199, which fixes the flaw.
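For triage on a host that ran the affected version, the following added example (not code from TikiWiki or from the original advisory) scans web access log lines for requests to tiki-graph_formula.php whose "f" parameter contains identifiers outside an allowlist. The allowlist of formula names, the combined log format, and the handling of both `f=` and `f[]=` forms are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: names a legitimate graph formula may contain (not taken from TikiWiki).
ALLOWED = {"x", "sin", "cos", "tan", "sqrt", "abs", "exp", "log", "pow", "pi"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Identifier not glued to a preceding digit, so "2e5" is not read as a name.
IDENT_RE = re.compile(r"(?<![A-Za-z0-9_])[A-Za-z_][A-Za-z0-9_]*")

def unexpected_identifiers(log_line):
    """Return non-allowlisted identifiers found in the f parameter, lowercased."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/tiki-graph_formula.php"):
        return []
    found = []
    # parse_qsl percent-decodes, so f%5B%5D=... is seen as f[]=...
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key != "f" and not key.startswith("f["):
            continue
        for ident in IDENT_RE.findall(value):
            name = ident.lower()  # PHP function names are case-insensitive
            if name not in ALLOWED and name not in found:
                found.append(name)
    return found

def flagged_lines(lines):
    """Return (1-based line number, identifiers) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        idents = unexpected_identifiers(line)
        if idents:
            hits.append((number, idents))
    return hits

# Constructed sample log lines (documentation IP addresses, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /tiki/tiki-graph_formula.php?f[]=sin(x) HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /tiki/tiki-graph_formula.php?f%5B%5D=PhpInfo() HTTP/1.1" 200 48211',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /tiki/tiki-index.php?f=phpinfo() HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, idents in flagged_lines(SAMPLE_LOG):
        print(f"line {number}: unexpected identifiers {idents}")
```

Only the query string is inspected, so parameters sent in a POST body will not appear in a standard access log and need a different data source.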