Design/Logic Flaw

2015-01-0421:59:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

91.8%

JSON

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.

CPENameOperatorVersion
mediawikieq1.23.0
mediawikieq1.21.11
mediawikile1.19.21
mediawikieq1.22.8
mediawikieq1.20.5
mediawikieq1.23.4
mediawikieq1.20.1
mediawikieq1.22.10
mediawikieq1.22.6
mediawikieq1.22.13

Name	Operator	Version
mediawiki	eq	1.23.0
mediawiki	eq	1.21.11
mediawiki	le	1.19.21
mediawiki	eq	1.22.8
mediawiki	eq	1.20.5
mediawiki	eq	1.23.4
mediawiki	eq	1.20.1
mediawiki	eq	1.22.10
mediawiki	eq	1.22.6
mediawiki	eq	1.22.13