Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| MediaWiki Input Validation Flaw in 'wgLanguageCode' and 'mUserLanguage' Parameters Lets Remote Users Execute Arbitrary Commands |
|---|
Categorie: Vulnerability
Posted: 2005-01-19 by ReCall
Views: 345
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A vulnerability was reported in MediaWiki. A remote user can execute arbitrary commands on the target system.
The vendor reported an input validation error that allows a remote user to execute arbitrary PHP code, including operating system commands, on the target server. The code will run with the privileges of the target web service.
The flaw resides in 'setup.php' in the validation of the 'wgLanguageCode' parameter and in 'SpecialPreferences.php' in the validation of the 'mUserLanguage' parameter.
The 1.3.x stable release series is not affected by this vulnerability.
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution: The vendor has released a fixed version of the 1.4 beta series (1.4beta5), available at:
http://zwinger.wikimedia.org/mediawiki/mediawiki-1.4beta5.tar.gz
http://wikipedia.sourceforge.net/
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1302
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
