Description

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.

Remediation

References

CVE-2011-4453

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37256)

Claroline Other Vulnerability (CVE-2006-1594)

WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Scripting (2.55)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.51)

Oracle JRE CVE-2014-2414 Vulnerability (CVE-2014-2414)

Severity

High

Classification

CVE-2011-4453 CWE-94

Tags

Missing Update Known Vulnerabilities