Vulnerabilities > Mediawiki > High

DATE CVE VULNERABILITY TITLE RISK
2005-12-06 CVE-2005-4031 Remote Code Execution vulnerability in MediaWiki User Language
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
network
low complexity
mediawiki
7.5
7.5
2005-02-22 CVE-2005-0535 Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.
network
low complexity
mediawiki gentoo
7.5
7.5
2004-12-31 CVE-2004-2186 Remote Input Validation vulnerability in Mediawiki 1.3.5
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
network
low complexity
mediawiki
7.5
7.5
2004-12-31 CVE-2004-1405 Remote Arbitrary Script Upload vulnerability in MediaWiki
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
network
low complexity
mediawiki
7.5
7.5