CVE-2005-4031 Information

Description

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the \user language option\ which is used as part of a dynamic class name that is processed using the eval function.

Reference

http://secunia.com/advisories/17866 http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755 http://www.kb.cert.org/vuls/id/392156 http://www.securityfocus.com/bid/15703 http://www.vupen.com/english/advisories/2005/2726