Release Date: Jan 07, 2012
Severity: high
Impact: System Compromise: Remote attackers can remotely execute arbitrary code.
Description: This indicates an attack attempt to exploit a PHP Code Injection vulnerability in PmWiki. The vulnerability is a result of the application's failure to properly sanitize user input before using it in the PageListSort() function. As a result, a remote attacker can send a crafted request to execute PHP code on a vulnerable server.
Affected Products: PmWiki version 2.0.0 to 2.2.34
Recommended Actions: Upgrade to the latest version, available from the website. http://www.pmwiki.org/wiki/PmWiki/ChangeLog#v2235
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2011-4453
References:
http://www.securityfocus.com/bid/50776 (BugTraq)
http://osvdb.org/show/osvdb/77261
http://www.exploit-db.com/exploits/18149/
http://www.pmwiki.org/wiki/PITS/01271