Description

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.

Remediation

References

CVE-2005-4031

Related Vulnerabilities

Oracle HTTP Server Other Vulnerability (CVE-2020-35168)

WordPress Plugin Advertisement Management Multiple Vulnerabilities (1.0)

WordPress Plugin Booster for WooCommerce Multiple Vulnerabilities (5.6.6)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3094)

WordPress Plugin YITH WooCommerce Badge Management Security Bypass (1.3.19)

Severity

High

Classification

CVE-2005-4031

Tags

Missing Update Known Vulnerabilities