CVE-2017-8809

CRITICAL LAB

Mediawiki < 1.27.3 - Injection

Title source: rule

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

nomisec WORKING POC 5 stars

by motikan2010 · poc

CVSS v3 9.8

EPSS 0.1808

EPSS Percentile 95.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

COMMUNITY

Community Lab

docker pull mediawiki:1.29.1

View in Library

CWE

CWE-74

Status published

Products (8)

debian/debian_linux 9.0

mediawiki/mediawiki 1.28.0

mediawiki/mediawiki 1.28.1

mediawiki/mediawiki 1.28.2

mediawiki/mediawiki 1.29.0

mediawiki/mediawiki 1.29.1

mediawiki/mediawiki < 1.27.3

n/a/MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2

Published Nov 15, 2017

Tracked Since Feb 18, 2026