PmWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4453)
Description
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.