Description

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.

Remediation

References

CVE-2005-4031

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2006-4743)

WordPress Plugin Onclick show popup Cross-Site Scripting (6.5)

WordPress Plugin AdServe 'id' Parameter SQL Injection (0.2)

Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-8663)

Serendipity Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1916)

Severity

High

Classification

CVE-2005-4031

Tags

Missing Update Known Vulnerabilities