CVE-2015-8625: Sensitive Information Exposure in MediaWiki

Severity: 7.5 HIGH (NVD)
EPSS: 0.3% (top 45.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 23 | Latest update May 17

Description

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Ubuntu | mediawiki/mediawiki | < 1:1.27.4-3
NVD | mediawiki/mediawiki | 1.23.11 +10

🔴 Vulnerability Details (2)

GHSA | GHSA-55w7-r459-9wqm: MediaWiki before 1 | 2022-05-17
OSV | CVE-2015-8625: MediaWiki before 1 | 2017-03-23

📋 Vendor Advisories (1)

Debian | CVE-2015-8625: mediawiki - MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x... | 2015

💬 Community (1)

Bugzilla | CVE-2015-8622 CVE-2015-8623 CVE-2015-8624 CVE-2015-8625 CVE-2015-8626 CVE-2015-8627 CVE-2015-8628 mediawiki: multiple flaws fixed in 1.26.1, 1.25.4, 1.24.5, and 1.23.12 | 2015-12-23