CVE-2011-0537
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
04/02/2011
Last modified:
11/04/2025
Description
Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
- http://osvdb.org/70798
- http://osvdb.org/70799
- http://www.openwall.com/lists/oss-security/2011/02/01/4
- http://www.openwall.com/lists/oss-security/2011/02/03/3
- http://www.vupen.com/english/advisories/2011/0273
- https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
- http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
- http://osvdb.org/70798
- http://osvdb.org/70799
- http://www.openwall.com/lists/oss-security/2011/02/01/4
- http://www.openwall.com/lists/oss-security/2011/02/03/3
- http://www.vupen.com/english/advisories/2011/0273
- https://bugzilla.wikimedia.org/show_bug.cgi?id=27094