Summary
This host is running MediaWiki and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the web application and to conduct cross-site scripting attacks.
Solution
Upgrade to the latest versions 1.13.3, 1.12.2 or 1.6.11.
http://www.mediawiki.org/wiki/Download
Insight
The flaws exist because:
- input is not properly sanitised before being returned to the user
- input related to uploads is not properly sanitised before being used
- SVG scripts are not properly sanitised before being used
- the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
Affected
MediaWiki version 1.13.0 to 1.13.2
MediaWiki version 1.12.x to 1.12.1
MediaWiki versions prior to 1.6.11
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-5249, CVE-2008-5250, CVE-2008-5252
- CVSS Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)