PmWiki 'PageListSort()' Function PHP Code Injection Vulnerability
BID:50776
Info
| Bugtraq ID: | 50776 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-4453 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 23 2011 12:00AM |
| Updated: | Dec 23 2011 12:40PM |
| Credit: | Egidio Romano aka EgiX |
| Vulnerable: | PmWiki 2.2.34, 2.2.21, 2.2.20, 2.2.15, 2.1.19, 2.1.18, 2.1.17, 2.1.7, 2.1.6, 2.0.13, 2.0.12, 2.0.11, 2.0.10, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 2.1 beta21, 2.1 beta20 |
| Not Vulnerable: | PmWiki 2.2.35 |
Discussion
PmWiki is prone to a remote PHP code-injection vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
PmWiki 2.0.0 to 2.2.34 are vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue through a browser.
The following exploits are available:
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
References
References: