PT-2011-2430 · Mediawiki+2

Happy Melon · Published 2011-02-04 · Updated 2011-02-12 · CVE-2011-0537

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MediaWiki versions 1.8.0 through 1.16.2

Description

The issue concerns directory traversal vulnerabilities in MediaWiki, specifically in the languages/Language.php and includes/StubObject.php files. These vulnerabilities can be exploited by remote attackers to include and execute arbitrary local PHP files. The exploitation is related to crafted language files and the Language::factory function. The issue is relevant when MediaWiki is running on Windows and possibly Novell Netware.

Recommendations

For MediaWiki versions 1.8.0 through 1.16.2, update to version 1.16.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Language::factory function and limiting the ability to upload or modify language files until a patch is applied. Additionally, restrict access to sensitive PHP files to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2011-0537

Affected Products

Mediawiki
Novell Netware
Windows