CVE-2005-4031

MediaWiki 1.5.x - Remote Code Execution via User Language Option Eval Injection

Title source: llm
STIX 2.1

Description

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.

References (5)

Core 5
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17866
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15703
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2726
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/392156

Scores

EPSS 0.0165
EPSS Percentile 82.3%

Details

Status published
Products (8)
mediawiki/mediawiki 1.5.0
mediawiki/mediawiki 1.5.1
mediawiki/mediawiki 1.5.2
mediawiki/mediawiki 1.5_alpha1
mediawiki/mediawiki 1.5_alpha2
mediawiki/mediawiki 1.5_beta1
mediawiki/mediawiki 1.5_beta2
mediawiki/mediawiki 1.5_beta3
Published Dec 06, 2005
Tracked Since Feb 18, 2026