Vulnerabilities > Mediawiki > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-06 | CVE-2005-4031 | Remote Code Execution vulnerability in MediaWiki User Language Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. | 7.5 |
2005-02-22 | CVE-2005-0535 | Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | 7.5 |
2004-12-31 | CVE-2004-2186 | Remote Input Validation vulnerability in Mediawiki 1.3.5 SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | 7.5 |
2004-12-31 | CVE-2004-1405 | Remote Arbitrary Script Upload vulnerability in MediaWiki MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. | 7.5 |