WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-8809)

Description

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

Remediation

References

Related Vulnerabilities

WordPress Plugin Essential Grid Portfolio-Photo Gallery Security Bypass (1.1.2)

MySQL CVE-2017-3646 Vulnerability (CVE-2017-3646)

Oracle Database Server Other Vulnerability (CVE-2007-3857)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.5.3)

WordPress Plugin LearnDash LMS Multiple Information Disclosure Vulnerabilities (4.10.2)

Severity

Critical

Classification

CVE-2017-8809 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities