PmWiki.Remote.PHP.Code.Injection
Description
This indicates an attack attempt to exploit a PHP Code Injection vulnerability in PmWiki.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in PageListSort() function. As a result, a remote attacker can send a crafted request to execute PHP code on a vulnerable server.
Affected Products
PmWiki version 2.0.0 to 2.2.34
Impact
System Compromise: Remote attackers can remote execute arbitrary code.
Recommended Actions
Upgrade to the latest version, available from the website.
http://www.pmwiki.org/wiki/PmWiki/ChangeLog#v2235
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |