Published: 13/04/2018 Updated: 17/05/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 790
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Parameters injection in the SyntaxHighlight extension of Mediawiki prior to 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

Affected Products

Vendor Product Versions
MediawikiMediawiki1.23.15, 1.27.0, 1.27.1, 1.27.2, 1.28.0, 1.28.1
DebianDebian Linux7.0, 9.0

Vendor Advisories

Debian Bug report logs - #861585 mediawiki: CVE-2017-0372 (included in security release 1273 and 1282) Package: src:mediawiki; Maintainer for src:mediawiki is Kunal Mehta <legoktm@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 1 May 2017 04:54:02 UTC Severity: important Tags: fixed ...
The SyntaxHighlight extension in MediaWiki before 1281 does not properly validate the 'start' parameter before passing it to Pygments ...
Arch Linux Security Advisory ASA-201704-3 ========================================= Severity: High Date : 2017-04-07 CVE-ID : CVE-2017-0361 CVE-2017-0362 CVE-2017-0363 CVE-2017-0364 CVE-2017-0365 CVE-2017-0366 CVE-2017-0367 CVE-2017-0368 CVE-2017-0369 CVE-2017-0370 CVE-2017-0372 Package : mediawiki Type : multiple issues ...

Mailing Lists

A vulnerability was found in the SyntaxHighlight MediaWiki extension Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition In addition, it allows the creating o ...

Metasploit Modules

MediaWiki SyntaxHighlight extension option injection vulnerability

This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed & enabled. This extension ships with the AIO package of MediaWiki version 1.27.x & 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.

msf > use exploit/multi/http/mediawiki_syntaxhighlight
      msf exploit(mediawiki_syntaxhighlight) > show targets
      msf exploit(mediawiki_syntaxhighlight) > set TARGET <target-id>
      msf exploit(mediawiki_syntaxhighlight) > show options
            ...show and set options...
      msf exploit(mediawiki_syntaxhighlight) > exploit