MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote malicious users to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.
Vulnerable Product |
---|
mediawiki mediawiki 1.24.2 |
mediawiki mediawiki 1.24.3 |
mediawiki mediawiki 1.24.4 |
mediawiki mediawiki 1.24.0 |
mediawiki mediawiki 1.24.1 |
mediawiki mediawiki 1.25.2 |
mediawiki mediawiki 1.26.0 |
mediawiki mediawiki 1.25.1 |
mediawiki mediawiki 1.25.0 |
mediawiki mediawiki 1.25.3 |
mediawiki mediawiki |