MediaWiki Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability - CVE-2014-9277 - Vulnerability Database

High
Reference: CVE-2014-9277
Title: MediaWiki Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability
Overview:

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.
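
The length change described above can be checked mechanically. The following is an added example, not MediaWiki code: it applies a simplified version of the rewrite to a constructed PHP-serialized response and verifies whether each declared `s:N:` length still matches its payload. The function names, the sample response and the restriction to scalar and array tokens are assumptions of this example.

```python
import re

# Constructed sample: a PHP-serialized API response whose title is the tag.
SAMPLE = b'a:1:{s:5:"title";s:21:"<cross-domain-policy>";}'

def mangle_flash_policy(body: bytes) -> bytes:
    """Length-changing rewrite as the advisory describes it (simplified)."""
    return re.sub(rb"<\s*cross-domain-policy\s*>",
                  b"<NOT-cross-domain-policy>", body, flags=re.I)

def _skip_value(data: bytes, pos: int) -> int:
    """Return the offset just past the value at pos; ValueError if malformed."""
    tag = data[pos:pos + 2]
    if tag == b"N;":
        return pos + 2
    if tag in (b"b:", b"i:", b"d:"):
        return data.index(b";", pos) + 1
    if tag in (b"s:", b"a:"):
        colon = data.index(b":", pos + 2)
        n = int(data[pos + 2:colon])
        body = colon + 2
        if tag == b"s:":
            # The declared byte length must land exactly on the closing quote.
            if data[colon + 1:body] != b'"' or data[body + n:body + n + 2] != b'";':
                raise ValueError(f"s:{n} at offset {pos} does not match its payload")
            return body + n + 2
        if data[colon + 1:body] != b"{":
            raise ValueError(f"bad array header at offset {pos}")
        for _ in range(2 * n):          # n key/value pairs
            body = _skip_value(data, body)
        if data[body:body + 1] != b"}":
            raise ValueError(f"array at offset {pos} is not closed")
        return body + 1
    # Object tokens (O:, C:) and anything else are refused outright.
    raise ValueError(f"unexpected token at offset {pos}")

def is_consistent(data: bytes) -> bool:
    """True only if data is one complete scalar/array value with matching lengths."""
    try:
        return _skip_value(data, 0) == len(data)
    except ValueError:
        return False

if __name__ == "__main__":
    mangled = mangle_flash_policy(SAMPLE)
    print(is_consistent(SAMPLE), is_consistent(mangled), len(mangled) - len(SAMPLE))
```

The rewrite adds four bytes to the payload while the `s:21:` prefix stays unchanged, so a check like this fails on the mangled output; it can serve as a regression test for any output filter that edits serialized data after it has been encoded.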