Eval injection vulnerability in MediaWiki 1.5.x prior to 1.5.3 allows remote malicious users to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.5_beta1 |
||
mediawiki mediawiki 1.5_beta2 |
||
mediawiki mediawiki 1.5.1 |
||
mediawiki mediawiki 1.5.2 |
||
mediawiki mediawiki 1.5_alpha1 |
||
mediawiki mediawiki 1.5_alpha2 |
||
mediawiki mediawiki 1.5.0 |
||
mediawiki mediawiki 1.5_beta3 |