CVE-2011-4453 - OpenCVE

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pmwiki	Pmwiki

Configuration 1 [-]

OR	cpe:2.3:a:pmwiki:pmwiki:2.0.0:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.1:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.2:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.3:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.4:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.5:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.6:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.7:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.8:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.9:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.10:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.11:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.12:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.0.13:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.0:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.1:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.2:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.3:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.4:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.5:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.6:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.7:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.8:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.9:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.10:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.11:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.12:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.13:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.14:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.15:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.16:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.17:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.18:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.19:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.20:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.21:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.22:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.23:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.24:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.25:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.26:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.1.27:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:::::::*
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta1::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta10::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta11::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta12::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta13::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta14::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta15::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta16::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta17::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta18::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta19::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta2::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta20::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta21::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta22::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta23::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta24::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta25::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta26::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta27::::::
	cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta28::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta29::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta3::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta30::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta31::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta32::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta33::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta34::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta35::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta36::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta37::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta38::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta39::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta4::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta40::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta41::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta42::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta43::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta44::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta45::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta46::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta47::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta48::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta49::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta5::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta50::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta51::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta52::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta53::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta54::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta55::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta56::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta57::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta58::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta59::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta6::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta60::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta61::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta62::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta63::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta64::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta65::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta66::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta67::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta68::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta7::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta8::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta9::::::
cpe:2.3:a:pmwiki:pmwiki:2.2.1:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.2:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.3:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.4:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.5:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.6:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.7:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.8:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.9:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.10:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.11:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.12:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.13:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.14:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.15:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.16:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.17:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.18:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.19:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.20:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.21:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.22:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.23:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.24:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.25:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.26:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.27:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.28:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.29:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.30:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.32:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.33:::::::*
cpe:2.3:a:pmwiki:pmwiki:2.2.34:::::::*

No data.

References

Link	Providers
http://www.exploit-db.com/exploits/18149/
http://www.exploit-db.com/exploits/18243/
http://www.pmwiki.org/wiki/PITS/01271

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-12-22T15:00:00Z

Updated: 2024-09-16T19:51:19.070Z

Reserved: 2011-11-15T00:00:00Z

Link: CVE-2011-4453

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2011-12-22T15:29:20.357

Modified: 2012-01-12T05:00:00.000

Link: CVE-2011-4453

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object