Description

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.

Remediation

References

CVE-2011-4453

Related Vulnerabilities

WordPress Plugin PowerPress Podcasting by Blubrry Unspecified Vulnerability (8.6.1)

Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7911)

WordPress Plugin Tickera-WordPress Event Ticketing Cross-Site Request Forgery (3.4.9.9)

WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Local File Inclusion (2.2.25)

Severity

High

Classification

CVE-2011-4453 CWE-94

Tags

Missing Update Known Vulnerabilities