1. Home
  2. CVE Database
  3. CVE-2011-0537
HIGH · 7.5

CVE-2011-0537

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Nov...

Vulnerability Description

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
MediawikiMediawiki1.8.0
MicrosoftWindowsAll versions

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2011-0537?

CVE-2011-0537 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Nov...

How severe is CVE-2011-0537?

CVE-2011-0537 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-0537?

Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki, Microsoft Windows.