Description

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

Remediation

References

CVE-2017-8809

Related Vulnerabilities

WordPress Plugin Wordpress Forms Multiple Vulnerabilities (0.2.7.1)

Zenphoto Improper Privilege Management Vulnerability (CVE-2018-0610)

Drupal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-6928)

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-46240)

Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474)

Severity

Critical

Classification

CVE-2017-8809 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities