Security Advisory

CVE-2015-8625

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-03-23 20:00:00

Last updated 2024-08-06 08:20:43

Assigner mitre

State PUBLISHED

Description

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

← Browse all CVEs View on cve.org ↗