Arbitrary Code Execution via Crafted Order Parameter in PmWiki PageListSort Function
CVE-2011-4453 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Learn more about our Web Application Penetration Testing UK.