CVE-2017-8809 — Injection in Mediawiki

Severity

9.8CRITICALNVD

EPSS

18.1%

top 4.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 15

Latest updateMay 17

Description

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶debiandebian/mediawiki< mediawiki 1:1.27.4-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.27.4-1+3

Also affects: Debian Linux 9.0

GHSA

GHSA-9jj4-4ghw-p8jj: api↗2022-05-17

▶

OSV

CVE-2017-8809: api↗2017-11-15

▶

Debian

CVE-2017-8809: mediawiki - api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29...↗2017

▶