Happy Melon

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.8.0 through 1.16.2 **Description** The issue concerns directory traversal vulnerabilities in MediaWiki, specifically in the languages/Language.php and includes/StubObject.php files. These vulnerabilities can be exploited by remote attackers to include and execute arbitrary local PHP files. The exploitation is related to crafted language files and the Language::factory function. The issue is relevant when MediaWiki is running on Windows and possibly Novell Netware. **Recommendations** For MediaWiki versions 1.8.0 through 1.16.2, update to version 1.16.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Language::factory function and limiting the ability to upload or modify language files until a patch is applied. Additionally, restrict access to sensitive PHP files to minimize the risk of exploitation.