Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Other Vulnerability (CVE-2013-4570)

Description

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

Remediation

References

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0790)

WordPress Plugin LBstopattack Cross-Site Request Forgery (1.1.2)

WordPress Plugin MiniMax-Page Layout Builder Cross-Site Scripting (1.9.3)

WordPress Plugin link-list-manager Cross-Site Scripting (1.0)

Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4077)

Severity

Medium

Classification

CVE-2013-4570

Tags

Missing Update Known Vulnerabilities