The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
References
Link | Resource |
---|---|
http://www.exploit-db.com/exploits/18149/ | Exploit |
http://www.exploit-db.com/exploits/18243/ | Exploit |
http://www.pmwiki.org/wiki/PITS/01271 | Exploit Patch |
http://www.exploit-db.com/exploits/18149/ | Exploit |
http://www.exploit-db.com/exploits/18243/ | Exploit |
http://www.pmwiki.org/wiki/PITS/01271 | Exploit Patch |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.exploit-db.com/exploits/18149/ - Exploit | |
References | () http://www.exploit-db.com/exploits/18243/ - Exploit | |
References | () http://www.pmwiki.org/wiki/PITS/01271 - Exploit, Patch |
Information
Published : 2011-12-22 15:29
Updated : 2024-11-21 01:32
NVD link : CVE-2011-4453
Mitre link : CVE-2011-4453
CVE.ORG link : CVE-2011-4453
JSON object : View
Products Affected
pmwiki
- pmwiki
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')