tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which will be processed by the create_function.
CVE Link
Exploit Type - Old
Exploits/Remote
Product Name