Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0372: Injection in Mediawiki

CWE-74 (Injection) | 9 documents | 6 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 58.4% (top 1.80%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Apr 13 | Latest update May 14

Description

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

Source | Package | Affected versions
debian | debian/mediawiki | < mediawiki 1:1.27.3-1 (bookworm)
Debian | mediawiki/mediawiki | < 1:1.27.3-1 (+3)
NVD | mediawiki/mediawiki | 1.23.15 (+5)
CVEListV5 | mediawiki/mediawiki | n/a

Also affects: Debian Linux 7.0, 9.0

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-c759-44hj-j247: Parameters injection in the SyntaxHighlight extension of Mediawiki before 1... (2022-05-14)
OSV: CVE-2017-0372: Parameters injection in the SyntaxHighlight extension of Mediawiki before 1... (2018-04-13)

💥 Exploits & PoCs (1)

Metasploit: MediaWiki SyntaxHighlight extension option injection vulnerability

📋 Vendor Advisories (1)

Debian: CVE-2017-0372: mediawiki - Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.1... (2017)

💬 Community (4)

Bugzilla: CVE-2017-0372 mediawiki: SyntaxHighlight extension allows injection of arbitrary Pygments options (2017-05-04)
Bugzilla: CVE-2017-0372 mediawiki: SyntaxHighlight extension allows injection of arbitrary Pygments options [fedora-all] (2017-05-04)
Bugzilla: CVE-2017-0372 mediawiki119: mediawiki: SyntaxHighlight extension allows injection of arbitrary Pygments options [epel-6] (2017-05-04)
Bugzilla: CVE-2017-0372 mediawiki123: mediawiki: SyntaxHighlight extension allows injection of arbitrary Pygments options [epel-7] (2017-05-04)
CVE-2017-0372 — Injection in Debian Mediawiki | cvebase