The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-12-22T15:00:00Z

Updated: 2024-09-16T19:51:19.070Z

Reserved: 2011-11-15T00:00:00Z

Link: CVE-2011-4453

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-12-22T15:29:20.357

Modified: 2024-11-21T01:32:23.293

Link: CVE-2011-4453

cve-icon Redhat

No data.