8.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.869 High
EPSS
Percentile
98.5%
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CPE | Name | Operator | Version |
---|---|---|---|
pmwiki | eq | 2.1.25 | |
pmwiki | eq | 2.2.0 beta22 | |
pmwiki | eq | 2.2.0 beta64 | |
pmwiki | eq | 2.2.0 | |
pmwiki | eq | 2.1.6 | |
pmwiki | eq | 2.2.28 | |
pmwiki | eq | 2.1.2 | |
pmwiki | eq | 2.2.0 beta24 | |
pmwiki | eq | 2.2.32 | |
pmwiki | eq | 2.2.0 beta51 |