CVE-2011-4453

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
pmwikipmwiki
2.0.0
pmwikipmwiki
2.0.1
pmwikipmwiki
2.0.2
pmwikipmwiki
2.0.3
pmwikipmwiki
2.0.4
pmwikipmwiki
2.0.5
pmwikipmwiki
2.0.6
pmwikipmwiki
2.0.7
pmwikipmwiki
2.0.8
pmwikipmwiki
2.0.9
pmwikipmwiki
2.0.10
pmwikipmwiki
2.0.11
pmwikipmwiki
2.0.12
pmwikipmwiki
2.0.13
pmwikipmwiki
2.1.0
pmwikipmwiki
2.1.1
pmwikipmwiki
2.1.2
pmwikipmwiki
2.1.3
pmwikipmwiki
2.1.4
pmwikipmwiki
2.1.5
pmwikipmwiki
2.1.6
pmwikipmwiki
2.1.7
pmwikipmwiki
2.1.8
pmwikipmwiki
2.1.9
pmwikipmwiki
2.1.10
pmwikipmwiki
2.1.11
pmwikipmwiki
2.1.12
pmwikipmwiki
2.1.13
pmwikipmwiki
2.1.14
pmwikipmwiki
2.1.15
pmwikipmwiki
2.1.16
pmwikipmwiki
2.1.17
pmwikipmwiki
2.1.18
pmwikipmwiki
2.1.19
pmwikipmwiki
2.1.20
pmwikipmwiki
2.1.21
pmwikipmwiki
2.1.22
pmwikipmwiki
2.1.23
pmwikipmwiki
2.1.24
pmwikipmwiki
2.1.25
pmwikipmwiki
2.1.26
pmwikipmwiki
2.1.27
pmwikipmwiki
2.2.0
pmwikipmwiki
2.2.0:beta1
pmwikipmwiki
2.2.0:beta10
pmwikipmwiki
2.2.0:beta11
pmwikipmwiki
2.2.0:beta12
pmwikipmwiki
2.2.0:beta13
pmwikipmwiki
2.2.0:beta14
pmwikipmwiki
2.2.0:beta15
pmwikipmwiki
2.2.0:beta16
pmwikipmwiki
2.2.0:beta17
pmwikipmwiki
2.2.0:beta18
pmwikipmwiki
2.2.0:beta19
pmwikipmwiki
2.2.0:beta2
pmwikipmwiki
2.2.0:beta20
pmwikipmwiki
2.2.0:beta21
pmwikipmwiki
2.2.0:beta22
pmwikipmwiki
2.2.0:beta23
pmwikipmwiki
2.2.0:beta24
pmwikipmwiki
2.2.0:beta25
pmwikipmwiki
2.2.0:beta26
pmwikipmwiki
2.2.0:beta27
pmwikipmwiki
2.2.0:beta28
pmwikipmwiki
2.2.0:beta29
pmwikipmwiki
2.2.0:beta3
pmwikipmwiki
2.2.0:beta30
pmwikipmwiki
2.2.0:beta31
pmwikipmwiki
2.2.0:beta32
pmwikipmwiki
2.2.0:beta33
pmwikipmwiki
2.2.0:beta34
pmwikipmwiki
2.2.0:beta35
pmwikipmwiki
2.2.0:beta36
pmwikipmwiki
2.2.0:beta37
pmwikipmwiki
2.2.0:beta38
pmwikipmwiki
2.2.0:beta39
pmwikipmwiki
2.2.0:beta4
pmwikipmwiki
2.2.0:beta40
pmwikipmwiki
2.2.0:beta41
pmwikipmwiki
2.2.0:beta42
pmwikipmwiki
2.2.0:beta43
pmwikipmwiki
2.2.0:beta44
pmwikipmwiki
2.2.0:beta45
pmwikipmwiki
2.2.0:beta46
pmwikipmwiki
2.2.0:beta47
pmwikipmwiki
2.2.0:beta48
pmwikipmwiki
2.2.0:beta49
pmwikipmwiki
2.2.0:beta5
pmwikipmwiki
2.2.0:beta50
pmwikipmwiki
2.2.0:beta51
pmwikipmwiki
2.2.0:beta52
pmwikipmwiki
2.2.0:beta53
pmwikipmwiki
2.2.0:beta54
pmwikipmwiki
2.2.0:beta55
pmwikipmwiki
2.2.0:beta56
pmwikipmwiki
2.2.0:beta57
pmwikipmwiki
2.2.0:beta58
pmwikipmwiki
2.2.0:beta59
pmwikipmwiki
2.2.0:beta6
pmwikipmwiki
2.2.0:beta60
pmwikipmwiki
2.2.0:beta61
pmwikipmwiki
2.2.0:beta62
pmwikipmwiki
2.2.0:beta63
pmwikipmwiki
2.2.0:beta64
pmwikipmwiki
2.2.0:beta65
pmwikipmwiki
2.2.0:beta66
pmwikipmwiki
2.2.0:beta67
pmwikipmwiki
2.2.0:beta68
pmwikipmwiki
2.2.0:beta7
pmwikipmwiki
2.2.0:beta8
pmwikipmwiki
2.2.0:beta9
pmwikipmwiki
2.2.1
pmwikipmwiki
2.2.2
pmwikipmwiki
2.2.3
pmwikipmwiki
2.2.4
pmwikipmwiki
2.2.5
pmwikipmwiki
2.2.6
pmwikipmwiki
2.2.7
pmwikipmwiki
2.2.8
pmwikipmwiki
2.2.9
pmwikipmwiki
2.2.10
pmwikipmwiki
2.2.11
pmwikipmwiki
2.2.12
pmwikipmwiki
2.2.13
pmwikipmwiki
2.2.14
pmwikipmwiki
2.2.15
pmwikipmwiki
2.2.16
pmwikipmwiki
2.2.17
pmwikipmwiki
2.2.18
pmwikipmwiki
2.2.19
pmwikipmwiki
2.2.20
pmwikipmwiki
2.2.21
pmwikipmwiki
2.2.22
pmwikipmwiki
2.2.23
pmwikipmwiki
2.2.24
pmwikipmwiki
2.2.25
pmwikipmwiki
2.2.26
pmwikipmwiki
2.2.27
pmwikipmwiki
2.2.28
pmwikipmwiki
2.2.29
pmwikipmwiki
2.2.30
pmwikipmwiki
2.2.32
pmwikipmwiki
2.2.33
pmwikipmwiki
2.2.34
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/18149/
http://www.exploit-db.com/exploits/18243/
http://www.pmwiki.org/wiki/PITS/01271
http://www.exploit-db.com/exploits/18149/
http://www.exploit-db.com/exploits/18243/
http://www.pmwiki.org/wiki/PITS/01271