Description

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

Remediation

References

CVE-2015-8625

Related Vulnerabilities

WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.28)

WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.61)

MySQL CVE-2019-2503 Vulnerability (CVE-2019-2503)

WordPress Plugin Gravity Forms Arbitrary File Upload (1.8.19)

Oracle JRE CVE-2013-1563 Vulnerability (CVE-2013-1563)

Severity

High

Classification

CVE-2015-8625 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities