CVE-2005-4031Eval Injection in Mediawiki

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.7%
top 17.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedDec 6
Latest updateMay 1

Description

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmediawiki/mediawiki8 versions+7

Patches

Patch: secunia.comPatch: sourceforge.netPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-7g9f-9vq9-79j8: Eval injection vulnerability in MediaWiki 12022-05-01

📋Vendor Advisories

1
Debian
CVE-2005-4031: mediawiki - Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attac...2005
CVE-2005-4031 — Eval Injection in Mediawiki | cvebase