A “highly critical” vulnerability has been reported in the popular TikiWiki software. It can be exploited by malicious parties to compromise vulnerable systems.

Excerpt from Secunia:

Input passed via the “f” parameter to tiki-graph_formula.php is not properly verified before being used to execute PHP functions. This can be exploited to execute arbitrary PHP functions

This vulnerability has been reported for version 1.9.8. Users or system administrators are urged to upgrade to version 1.9.8.1, which fixes the flaw.

Subscribe to the Developer Insider Newsletter

From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays

Subscribe to the Developer Insider Newsletter

From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays