vulnerability

MediaWiki: Information Exposure (CVE-2015-8625)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Mar 23, 2017	Aug 24, 2017	Mar 7, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Mar 23, 2017

Added

Aug 24, 2017

Modified

Mar 7, 2024

Description

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

Solution

mediawiki-upgrade-latest

References

CVE-2015-8625
https://attackerkb.com/topics/CVE-2015-8625
URL-http://www.openwall.com/lists/oss-security/2015/12/21/8
URL-http://www.openwall.com/lists/oss-security/2015/12/23/7
URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html
URL-https://phabricator.wikimedia.org/T118032

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today