CVE-2017-0372
CRITICALMediawiki < 1.23.15 - Injection
Title source: ruleDescription
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Exploits (1)
metasploit
WORKING POC
GOOD
rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mediawiki_syntaxhighlight.rb
References (5)
Scores
CVSS v3
9.8
EPSS
0.5835
EPSS Percentile
98.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (8)
debian/debian_linux
7.0
debian/debian_linux
9.0
mediawiki/mediawiki
1.27.0
mediawiki/mediawiki
1.27.1
mediawiki/mediawiki
1.27.2
mediawiki/mediawiki
1.28.0
mediawiki/mediawiki
1.28.1
mediawiki/mediawiki
< 1.23.15
Published
Apr 13, 2018
Tracked Since
Feb 18, 2026