Description
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
Remediation
References
Related Vulnerabilities
WordPress Plugin All-in-One Addons for Elementor-WidgetKit Cross-Site Scripting (2.4.3)
Squid Improper Input Validation Vulnerability (CVE-2016-4555)
WordPress Plugin Discounts Manager for Products Cross-Site Scripting (3.4.4)
WordPress Plugin Advanced Access Manager Unspecified Vulnerability (5.9.8.1)
WordPress Plugin oQey Headers 'oqey_settings.php' SQL Injection (0.3)