|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-26 | |
| Rule Name: | MediaWiki Language Option PHP Code Execution Vulnerability (CVE-2005-4031) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | There exists an arbitrary code execution vulnerability in MediaWiki. The flaw is caused by improper checking of the user supplied language option. An attacker can exploit this vulnerability to inject and execute arbitrary code on the vulnerable host. In an attack scenario where arbitrary code execution is attempted, the behaviour of the target is dependent on the intention of the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application will not exhibit any abnormal behaviour. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | SecurityFocusBID:15703 http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755 http://www.kb.cert.org/vuls/id/392156 http://www.vupen.com/english/advisories/2005/2726 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.3.tar.gz |