Code injection

2011-12-2215:29:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.869 High

EPSS

Percentile

98.5%

JSON

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.

CPENameOperatorVersion
pmwikieq2.1.25
pmwikieq2.2.0 beta22
pmwikieq2.2.0 beta64
pmwikieq2.2.0
pmwikieq2.1.6
pmwikieq2.2.28
pmwikieq2.1.2
pmwikieq2.2.0 beta24
pmwikieq2.2.32
pmwikieq2.2.0 beta51

Name	Operator	Version
pmwiki	eq	2.1.25
pmwiki	eq	2.2.0 beta22
pmwiki	eq	2.2.0 beta64
pmwiki	eq	2.2.0
pmwiki	eq	2.1.6
pmwiki	eq	2.2.28
pmwiki	eq	2.1.2
pmwiki	eq	2.2.0 beta24
pmwiki	eq	2.2.32
pmwiki	eq	2.2.0 beta51