Public exploit · Metasploit Module

PmWiki pagelist.php Remote PHP Code Injection Exploit

Published Rocco Calvi

Exploit summary

This module exploits an arbitrary command execution vulnerability in PmWiki versions 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php, allowing remote PHP code injection and execution.

Source & references