VWE-2013-0228-1 Printable Version
This page is a chapter in Info Known Vulnerabilities
This page has been seen 11,138 times.
-
-
Created by on
-
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2013-0228-1 Related Report None Severity Extreme Exploit Difficulty EASY Platform Affects all platforms supported by the vulnerable versions. Description Arbitrary code execution. By using specially-crafted MediaWiki syntax within wiki content while legacy code support is enabled, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.
Discovered January 6, 2013 Resolved January 8, 2013 Patches Available 3.0.20
Notes
For some inexplicable reason, this was treated as a standard bug at the time it was discovered, so other vulnerable versions never received patches. This decision is strange because the similar issue VWE-2012-0205 was addressed in the same time period, but was patched in multiple versions.