PT-2011-4954 · Pmwiki · Pmwiki
Egidio Romano
+1
Published: 2011-12-22 · Updated: 2012-01-12
CVE-2011-4453
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PmWiki versions prior to 2.2.35
Description
The issue allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive. This leads to unintended use of the PHP create_function function, potentially enabling code execution.
Recommendations
For versions prior to 2.2.35, update to version 2.2.35 or later to resolve the issue. As a temporary workaround, consider restricting access to the pagelist directive to minimize the risk of exploitation.
Exploit
Fix
RCE
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Pmwiki