MediaWiki ExpandTemplates extension Multiple Vulnerabilities - Jan15

Summary
This host is installed with the ExpandTemplates extension for MediaWiki and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow a remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to ExpandTemplates version 1.24.1 or later. For updates, refer to http://www.mediawiki.org/wiki/Extension:ExpandTemplates
Insight
Multiple flaws exist when '$wgRawHtml' is set to true.
- Input passed via the 'wpInput' parameter in the script is not validated before being returned to users.
Affected
ExpandTemplates extension for MediaWiki, versions before 1.24.
Detection
Send a crafted HTTP POST request and check whether it is able to read the cookie.