MediaWiki.Language.Option.PHP.Code.Execution
Description
This indicates a possible attempt to exploit a remote code execution vulnerability in MediaWiki.
The flaw is an input validation error: a specially crafted user language option is processed through an "eval()" call. Remote attackers may exploit it to execute arbitrary commands with the privileges of the web server.
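A log check for the behaviour described above, as an added example that is not part of the original advisory or of MediaWiki's code: it flags requests whose language option is not a plain language code. It assumes the option arrives as the "uselang" query parameter, that legitimate codes look like "en" or "pt-br", and that the web server writes combined-format access logs. The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: the language option arrives as the "uselang" query parameter.
LANG_PARAM = "uselang"
# Assumption: legitimate codes look like "en", "pt-br", "zh-hans".
LANG_CODE = re.compile(r"[a-z]{2,3}(-[a-z0-9]{2,8}){0,2}", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_language_values(log_lines):
    """Return (line_number, decoded_value) for every non-conforming language option."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() != LANG_PARAM:
                continue
            # parse_qsl already decoded once; decode again to catch double encoding.
            decoded = unquote(value)
            if not LANG_CODE.fullmatch(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /wiki/index.php?title=Main_Page&uselang=de HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /wiki/index.php?title=Main_Page&uselang=pt-br HTTP/1.1" 200 5120',
    '192.0.2.12 - - [01/Jan/2006:10:00:09 +0000] "GET /wiki/index.php?uselang=en%3BPLACEHOLDER%28%29 HTTP/1.1" 200 730',
    '192.0.2.13 - - [01/Jan/2006:10:00:12 +0000] "GET /wiki/index.php?uselang=en%253BPLACEHOLDER HTTP/1.1" 200 730',
    '192.0.2.14 - - [01/Jan/2006:10:00:15 +0000] "GET /wiki/skins/common.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_language_values(SAMPLE_LOG):
        print(f"line {number}: unexpected language option {value!r}")
```

The check reads only the request line, so a language option sent in a POST body or stored in user preferences is outside what it sees.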
Affected Products
MediaWiki MediaWiki 1.5.2
MediaWiki MediaWiki 1.5.1
MediaWiki MediaWiki 1.5 beta3
MediaWiki MediaWiki 1.5 beta2
MediaWiki MediaWiki 1.5 beta1
MediaWiki MediaWiki 1.5 alpha2
MediaWiki MediaWiki 1.5 alpha1
MediaWiki MediaWiki 1.5.0
Impact
System compromise: execution of arbitrary PHP code.
Recommended Actions
Upgrade to MediaWiki version 1.5.3:
http://www.mediawiki.org/wiki/Download
Coverage
IPS (Regular DB)
IPS (Extended DB)