{"vuid":"VU#392156","idnumber":"392156","name":"MediaWiki fails to properly verify input passed to the user language option","keywords":["MediaWiki","arbitrary PHP code execution","user language option","eval() call"],"overview":"A vulnerability in some versions of MediaWiki may allow a remote attacker to execute code on a vulnerable wiki server.","clean_desc":"MediaWiki is a PHP-based software package that is used to run a wiki, a collaborative website that can be edited by any user or visitor. Some versions of the MediaWiki software contain an error in the validation of the user language option. This error results in a vulnerability since this parameter is supplied by a remote user and is used in forming a class name dynamically created with the PHP eval() function.","impact":"A remote attacker may be able to execute PHP code of their choosing on a vulnerable server. The attacker-supplied code would be executed in the context of the web server.","resolution":"Upgrade: Version 1.5.3 of the MediaWiki software contains a fix for this issue. Users of older 1.5.x versions of the software are encouraged to upgrade to this fixed version. Versions 1.4 and earlier of the software are reportedly not affected by this issue.","workarounds":"","sysaffected":"","thanks":"Thanks to the MediaWiki project for reporting this vulnerability.","author":"This document was written by Chad R Dougherty based on information provided by the MediaWiki project.","public":["http://secunia.com/advisories/17866/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-12-05T20:11:05Z","publicdate":"2005-12-05T00:00:00Z","datefirstpublished":"2005-12-07T20:45:57Z","dateupdated":"2005-12-07T20:46:30Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"12","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"16.875","cam_scorecurrentwidelyknown":"20.25","cam_scorecurrentwidelyknownexploited":"33.75","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":16.875,"vulnote":null}