3 matches found
DEBIAN-CVE-2017-0372
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities...
MediaWiki SyntaxHighlight extension option injection vulnerability
This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki...
Fedora 25 : mediawiki (2017-3fb95ed01f)
T109140 T122209 Special:UserLogin and Special:Search allow redirect to interwiki links. CVE-2017-0363, CVE-2017-0364 - T144845 XSS in SearchHighlighter::highlightText when $wgAdvancedSearchHighlighting is true. CVE-2017-0365 - T125177 API parameters may now be marked as 'sensitive' to keep their...