National Vulnerability Database

CVE-2011-4453 Detail

Current Description

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.

Source: MITRE

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 7.5 HIGH
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0


Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

References to Advisories, Solutions, and Tools

| Hyperlink | Resource |
|---|---|
| http://www.exploit-db.com/exploits/18149/ | Exploit |
| http://www.exploit-db.com/exploits/18243/ | Exploit |
| http://www.pmwiki.org/wiki/PITS/01271 | Exploit, Patch |

Technical Details

Vulnerability Type

  • Improper Control of Generation of Code ('Code Injection') (CWE-94)

Known Affected Software Configurations

Configuration 1
 cpe:/a:pmwiki:pmwiki:2.0.0
 cpe:/a:pmwiki:pmwiki:2.0.1
 cpe:/a:pmwiki:pmwiki:2.0.2
 cpe:/a:pmwiki:pmwiki:2.0.3
 cpe:/a:pmwiki:pmwiki:2.0.4
 cpe:/a:pmwiki:pmwiki:2.0.5
 cpe:/a:pmwiki:pmwiki:2.0.6
 cpe:/a:pmwiki:pmwiki:2.0.7
 cpe:/a:pmwiki:pmwiki:2.0.8
 cpe:/a:pmwiki:pmwiki:2.0.9
 cpe:/a:pmwiki:pmwiki:2.0.10
 cpe:/a:pmwiki:pmwiki:2.0.11
 cpe:/a:pmwiki:pmwiki:2.0.12
 cpe:/a:pmwiki:pmwiki:2.0.13
 cpe:/a:pmwiki:pmwiki:2.1.0
 cpe:/a:pmwiki:pmwiki:2.1.1
 cpe:/a:pmwiki:pmwiki:2.1.2
 cpe:/a:pmwiki:pmwiki:2.1.3
 cpe:/a:pmwiki:pmwiki:2.1.4
 cpe:/a:pmwiki:pmwiki:2.1.5
 cpe:/a:pmwiki:pmwiki:2.1.6
 cpe:/a:pmwiki:pmwiki:2.1.7
 cpe:/a:pmwiki:pmwiki:2.1.8
 cpe:/a:pmwiki:pmwiki:2.1.9
 cpe:/a:pmwiki:pmwiki:2.1.10
 cpe:/a:pmwiki:pmwiki:2.1.11
 cpe:/a:pmwiki:pmwiki:2.1.12
 cpe:/a:pmwiki:pmwiki:2.1.13
 cpe:/a:pmwiki:pmwiki:2.1.14
 cpe:/a:pmwiki:pmwiki:2.1.15
 cpe:/a:pmwiki:pmwiki:2.1.16
 cpe:/a:pmwiki:pmwiki:2.1.17
 cpe:/a:pmwiki:pmwiki:2.1.18
 cpe:/a:pmwiki:pmwiki:2.1.19
 cpe:/a:pmwiki:pmwiki:2.1.20
 cpe:/a:pmwiki:pmwiki:2.1.21
 cpe:/a:pmwiki:pmwiki:2.1.22
 cpe:/a:pmwiki:pmwiki:2.1.23
 cpe:/a:pmwiki:pmwiki:2.1.24
 cpe:/a:pmwiki:pmwiki:2.1.25
 cpe:/a:pmwiki:pmwiki:2.1.26
 cpe:/a:pmwiki:pmwiki:2.1.27
 cpe:/a:pmwiki:pmwiki:2.2.0
 cpe:/a:pmwiki:pmwiki:2.2.0:beta1
 cpe:/a:pmwiki:pmwiki:2.2.0:beta10
 cpe:/a:pmwiki:pmwiki:2.2.0:beta11
 cpe:/a:pmwiki:pmwiki:2.2.0:beta12
 cpe:/a:pmwiki:pmwiki:2.2.0:beta13
 cpe:/a:pmwiki:pmwiki:2.2.0:beta14
 cpe:/a:pmwiki:pmwiki:2.2.0:beta15
 cpe:/a:pmwiki:pmwiki:2.2.0:beta16
 cpe:/a:pmwiki:pmwiki:2.2.0:beta17
 cpe:/a:pmwiki:pmwiki:2.2.0:beta18
 cpe:/a:pmwiki:pmwiki:2.2.0:beta19
 cpe:/a:pmwiki:pmwiki:2.2.0:beta2
 cpe:/a:pmwiki:pmwiki:2.2.0:beta20
 cpe:/a:pmwiki:pmwiki:2.2.0:beta21
 cpe:/a:pmwiki:pmwiki:2.2.0:beta22
 cpe:/a:pmwiki:pmwiki:2.2.0:beta23
 cpe:/a:pmwiki:pmwiki:2.2.0:beta24
 cpe:/a:pmwiki:pmwiki:2.2.0:beta25
 cpe:/a:pmwiki:pmwiki:2.2.0:beta26
 cpe:/a:pmwiki:pmwiki:2.2.0:beta27
 cpe:/a:pmwiki:pmwiki:2.2.0:beta28
 cpe:/a:pmwiki:pmwiki:2.2.0:beta29
 cpe:/a:pmwiki:pmwiki:2.2.0:beta3
 cpe:/a:pmwiki:pmwiki:2.2.0:beta30
 cpe:/a:pmwiki:pmwiki:2.2.0:beta31
 cpe:/a:pmwiki:pmwiki:2.2.0:beta32
 cpe:/a:pmwiki:pmwiki:2.2.0:beta33
 cpe:/a:pmwiki:pmwiki:2.2.0:beta34
 cpe:/a:pmwiki:pmwiki:2.2.0:beta35
 cpe:/a:pmwiki:pmwiki:2.2.0:beta36
 cpe:/a:pmwiki:pmwiki:2.2.0:beta37
 cpe:/a:pmwiki:pmwiki:2.2.0:beta38
 cpe:/a:pmwiki:pmwiki:2.2.0:beta39
 cpe:/a:pmwiki:pmwiki:2.2.0:beta4
 cpe:/a:pmwiki:pmwiki:2.2.0:beta40
 cpe:/a:pmwiki:pmwiki:2.2.0:beta41
 cpe:/a:pmwiki:pmwiki:2.2.0:beta42
 cpe:/a:pmwiki:pmwiki:2.2.0:beta43
 cpe:/a:pmwiki:pmwiki:2.2.0:beta44
 cpe:/a:pmwiki:pmwiki:2.2.0:beta45
 cpe:/a:pmwiki:pmwiki:2.2.0:beta46
 cpe:/a:pmwiki:pmwiki:2.2.0:beta47
 cpe:/a:pmwiki:pmwiki:2.2.0:beta48
 cpe:/a:pmwiki:pmwiki:2.2.0:beta49
 cpe:/a:pmwiki:pmwiki:2.2.0:beta5
 cpe:/a:pmwiki:pmwiki:2.2.0:beta50
 cpe:/a:pmwiki:pmwiki:2.2.0:beta51
 cpe:/a:pmwiki:pmwiki:2.2.0:beta52
 cpe:/a:pmwiki:pmwiki:2.2.0:beta53
 cpe:/a:pmwiki:pmwiki:2.2.0:beta54
 cpe:/a:pmwiki:pmwiki:2.2.0:beta55
 cpe:/a:pmwiki:pmwiki:2.2.0:beta56
 cpe:/a:pmwiki:pmwiki:2.2.0:beta57
 cpe:/a:pmwiki:pmwiki:2.2.0:beta58
 cpe:/a:pmwiki:pmwiki:2.2.0:beta59
 cpe:/a:pmwiki:pmwiki:2.2.0:beta6
 cpe:/a:pmwiki:pmwiki:2.2.0:beta60
 cpe:/a:pmwiki:pmwiki:2.2.0:beta61

Showing 100 of 144 CPEs.

Change History

1 change record found

Quick Info

CVE Dictionary Entry: CVE-2011-4453
NVD Published Date: 12/22/2011
NVD Last Modified: 01/12/2012