Description

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

Remediation

References

CVE-2017-0367

Related Vulnerabilities

WordPress Plugin Docket Cache-Object Cache Accelerator Cross-Site Scripting (21.08.01)

WordPress Plugin Loco Translate PHP Code Injection (2.5.3)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.16)

WordPress Plugin ContentStudio Multiple Vulnerabilities (1.2.5)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)

Severity

High

Classification

CVE-2017-0367 CWE-668 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities