← back
CVE-2011-4453

CVE-2011-4453

EPSS 53.4%
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Affected products
n/a · n/a
public PoCs found4
cve_referencewww.exploit-db.com/exploits/18149/unverifiedcve_referencewww.exploit-db.com/exploits/18243/unverifiedexploitdbwww.exploit-db.com/exploits/18149unverifiedexploitdbwww.exploit-db.com/exploits/18243unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.exploit-db.com/exploits/18149/http://www.exploit-db.com/exploits/18243/http://www.pmwiki.org/wiki/PITS/01271