CVE-2011-4453

Published: 22/12/2011 Updated: 12/01/2012
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The PageListSort function in scripts/pagelist.php in PmWiki 2.x prior to 2.2.35 allows remote malicious users to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.

Vulnerable Product

pmwiki pmwiki 2.0.9

pmwiki pmwiki 2.1.0

pmwiki pmwiki 2.1.1

pmwiki pmwiki 2.1.2

pmwiki pmwiki 2.1.16

pmwiki pmwiki 2.1.17

pmwiki pmwiki 2.1.18

pmwiki pmwiki 2.1.19

pmwiki pmwiki 2.2.0

pmwiki pmwiki 2.0.0

pmwiki pmwiki 2.0.10

pmwiki pmwiki 2.0.12

pmwiki pmwiki 2.0.5

pmwiki pmwiki 2.0.7

pmwiki pmwiki 2.1.4

pmwiki pmwiki 2.1.6

pmwiki pmwiki 2.1.13

pmwiki pmwiki 2.1.15

pmwiki pmwiki 2.1.20

pmwiki pmwiki 2.1.22

pmwiki pmwiki 2.2.1

pmwiki pmwiki 2.2.8

pmwiki pmwiki 2.2.10

pmwiki pmwiki 2.2.17

pmwiki pmwiki 2.2.19

pmwiki pmwiki 2.2.24

pmwiki pmwiki 2.2.26

pmwiki pmwiki 2.2.34

pmwiki pmwiki 2.0.13

pmwiki pmwiki 2.0.2

pmwiki pmwiki 2.0.3

pmwiki pmwiki 2.0.4

pmwiki pmwiki 2.1.7

pmwiki pmwiki 2.1.8

pmwiki pmwiki 2.1.9

pmwiki pmwiki 2.1.10

pmwiki pmwiki 2.1.11

pmwiki pmwiki 2.1.24

pmwiki pmwiki 2.1.25

pmwiki pmwiki 2.1.26

pmwiki pmwiki 2.1.27

pmwiki pmwiki 2.2.12

pmwiki pmwiki 2.2.13

pmwiki pmwiki 2.2.14

pmwiki pmwiki 2.2.15

pmwiki pmwiki 2.2.28

pmwiki pmwiki 2.2.29

pmwiki pmwiki 2.2.30

pmwiki pmwiki 2.2.32

pmwiki pmwiki 2.2.33

pmwiki pmwiki 2.0.1

pmwiki pmwiki 2.0.11

pmwiki pmwiki 2.0.6

pmwiki pmwiki 2.0.8

pmwiki pmwiki 2.1.3

pmwiki pmwiki 2.1.5

pmwiki pmwiki 2.1.12

pmwiki pmwiki 2.1.14

pmwiki pmwiki 2.1.21

pmwiki pmwiki 2.1.23

pmwiki pmwiki 2.2.2

pmwiki pmwiki 2.2.7

pmwiki pmwiki 2.2.9

pmwiki pmwiki 2.2.11

pmwiki pmwiki 2.2.16

pmwiki pmwiki 2.2.18

pmwiki pmwiki 2.2.25

pmwiki pmwiki 2.2.27

pmwiki pmwiki 2.2.3

pmwiki pmwiki 2.2.4

pmwiki pmwiki 2.2.5

pmwiki pmwiki 2.2.6

pmwiki pmwiki 2.2.20

pmwiki pmwiki 2.2.21

pmwiki pmwiki 2.2.22

pmwiki pmwiki 2.2.23

Exploits

PmWiki versions 2.2.34 and below pagelist remote PHP code injection exploit ...
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  in ...
<?php
/*
    -------------------------------------------------------------
    PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit
    -------------------------------------------------------------

    author: Egidio Romano aka EgiX
    mail: n0b0d13s[at]gmail[dot]com
    software link: h ...