Description

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

Remediation

References

CVE-2017-8809

Related Vulnerabilities

WordPress Plugin WP Page Builder Cross-Site Scripting (1.2.6)

WordPress Plugin AccessPress Anonymous Post Pro Arbitrary File Upload (3.1.9)

ownCloud Improper Access Control Vulnerability (CVE-2014-2048)

WordPress Plugin Easy Coming Soon Cross-Site Scripting (1.6.2)

qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-45856)

Severity

Critical

Classification

CVE-2017-8809 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities