VWE-2013-0228-1 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2013-0228-1
This page is a chapter in Info Known Vulnerabilities

This page has been seen 11,138 times.

    • Created by on
Common NameNone
VWE-IDVWE-2013-0228-1
Related ReportNone
SeverityExtreme
Exploit DifficultyEASY
PlatformAffects all platforms supported by the vulnerable versions.
DescriptionArbitrary code execution. By using specially-crafted MediaWiki syntax within wiki content while legacy code support is enabled, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.
DiscoveredJanuary 6, 2013
ResolvedJanuary 8, 2013
Patches Available3.0.20
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes

For some inexplicable reason, this was treated as a standard bug at the time it was discovered, so other vulnerable versions never received patches. This decision is strange because the similar issue VWE-2012-0205 was addressed in the same time period, but was patched in multiple versions.