Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the user language option, which is used as part of a dynamic class name that is processed using the eval function.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mediawiki | Mediawiki | 1.5.0 (including) | 1.5.0 (including) |
Mediawiki | Mediawiki | 1.5.1 (including) | 1.5.1 (including) |
Mediawiki | Mediawiki | 1.5.2 (including) | 1.5.2 (including) |
Mediawiki | Mediawiki | 1.5_alpha1 (including) | 1.5_alpha1 (including) |
Mediawiki | Mediawiki | 1.5_alpha2 (including) | 1.5_alpha2 (including) |
Mediawiki | Mediawiki | 1.5_beta1 (including) | 1.5_beta1 (including) |
Mediawiki | Mediawiki | 1.5_beta2 (including) | 1.5_beta2 (including) |
Mediawiki | Mediawiki | 1.5_beta3 (including) | 1.5_beta3 (including) |