CVE-2017-0372

CRITICAL

MediaWiki < 1.23.16, 1.27.3, 1.28.2 - Parameter Injection in SyntaxHighlight Extension

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0372. This includes the Metasploit module exploits/multi/http/mediawiki_syntaxhighlight.

AI-analyzed exploit summary: This Metasploit module exploits an option injection vulnerability in the MediaWiki SyntaxHighlight extension to create and execute a PHP file in the document root. It leverages the 'cssfile' and 'classprefix' parameters to inject malicious PHP code, achieving remote code execution.

Description

Parameter injection in the SyntaxHighlight extension of MediaWiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

Exploits (1)

metasploit · WORKING POC · GOOD
ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mediawiki_syntaxhighlight.rb

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MediaWiki with SyntaxHighlight extension 2.0 (affects MediaWiki 1.27.x and 1.28.x)
Auth required
Prerequisites: MediaWiki installation with vulnerable SyntaxHighlight extension · Network access to the target · Optional authentication credentials if the wiki is private
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Patch, Release Notes, Vendor Advisory mailing-list x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Patch, Release Notes, Vendor Advisory mailing-list x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
Third Party Advisory x_refsource_misc
https://bugs.debian.org/861585
Exploit, Third Party Advisory x_refsource_confirm
https://phabricator.wikimedia.org/T158689
Issue Tracking, Third Party Advisory x_refsource_confirm
https://security-tracker.debian.org/tracker/CVE-2017-0372

Scores

CVSS v3 9.8
EPSS 0.1165
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-74
Status published
Products (8)
debian/debian_linux 7.0
debian/debian_linux 9.0
mediawiki/mediawiki 1.27.0
mediawiki/mediawiki 1.27.1
mediawiki/mediawiki 1.27.2
mediawiki/mediawiki 1.28.0
mediawiki/mediawiki 1.28.1
mediawiki/mediawiki < 1.23.15
Published Apr 13, 2018
Tracked Since Feb 18, 2026