Description

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.

Remediation

References

CVE-2005-4031

Related Vulnerabilities

WordPress Plugin Social Buttons Pack by BestWebSoft Cross-Site Scripting (1.1.0)

WordPress Plugin Infusionsoft Gravity Forms Add-on Multiple Cross-Site Scripting Vulnerabilities (1.5.6)

Oracle Database Server Other Vulnerability (CVE-2001-0943)

SharePoint Authentication Bypass by Spoofing Vulnerability (CVE-2021-42320)

WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1)

Severity

High

Classification

CVE-2005-4031

Tags

Missing Update Known Vulnerabilities