Vulnerability Details CVE-2005-4031
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/17866
- http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755
- http://www.kb.cert.org/vuls/id/392156
- http://www.securityfocus.com/bid/15703
- http://www.vupen.com/english/advisories/2005/2726
- http://secunia.com/advisories/17866
- http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755
- http://www.kb.cert.org/vuls/id/392156
- http://www.securityfocus.com/bid/15703
- http://www.vupen.com/english/advisories/2005/2726
Products affected by CVE-2005-4031
-
cpe:2.3:a:mediawiki:mediawiki:1.5.0
-
cpe:2.3:a:mediawiki:mediawiki:1.5.1
-
cpe:2.3:a:mediawiki:mediawiki:1.5.2
-
cpe:2.3:a:mediawiki:mediawiki:1.5_alpha1
-
cpe:2.3:a:mediawiki:mediawiki:1.5_alpha2
-
cpe:2.3:a:mediawiki:mediawiki:1.5_beta1
-
cpe:2.3:a:mediawiki:mediawiki:1.5_beta2
-
cpe:2.3:a:mediawiki:mediawiki:1.5_beta3