Description

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

Remediation

References

CVE-2015-8625

Related Vulnerabilities

WordPress Plugin RestroPress-Online Food Ordering System Security Bypass (2.8.3)

WordPress Plugin Jayj Quicktag Multiple Vulnerabilities (1.3.1)

WordPress Plugin Side Menu-add fixed side buttons SQL Injection (3.1.3)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)

MySQL CVE-2021-2226 Vulnerability (CVE-2021-2226)

Severity

High

Classification

CVE-2015-8625 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities