The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name: None
VWE-ID: VWE-2013-0228-3
Related Report: None
Severity: Extreme
Exploit Difficulty: EASY
Platform: Affects all platforms supported by the vulnerable versions.
Description: Arbitrary code execution. By using specially-crafted TEMPLATE BB-Code parameters or MediaWiki syntax within wiki content, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.
Discovered: January 9, 2013
Resolved: January 8, 2013
Patches Available: 3.0.20
Notes:
For some inexplicable reason, this was treated as a standard bug at the time it was discovered, so other vulnerable versions never received patches. This decision is strange because the similar issue VWE-2012-0205 was addressed in the same time period, but was patched in multiple versions.
In addition, this issue was addressed in an existing patch that had already been released, resulting in some users likely not benefitting from the fixes.