CVE-2005-4031

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/12/2005
Last modified:
03/04/2025

Description

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.5_alpha1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.5_alpha2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.5_beta1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.5_beta2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.5_beta3:*:*:*:*:*:*:*