Required CVE Record Information
Description
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
References 5 Total
- http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755
- secunia.com: 17866 third-party-advisory
- securityfocus.com: 15703 vdb-entry
- vupen.com: ADV-2005-2726 vdb-entry
- kb.cert.org: VU#392156 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755 x_transferred
- secunia.com: 17866 third-party-advisoryx_transferred
- securityfocus.com: 15703 vdb-entryx_transferred
- vupen.com: ADV-2005-2726 vdb-entryx_transferred
- kb.cert.org: VU#392156 third-party-advisoryx_transferred