Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Improper Restriction of XML External Entity Reference Vulnerability - CVE-2014-9487 - Vulnerability Database
MediaWiki

MediaWiki Improper Restriction of XML External Entity Reference Vulnerability - CVE-2014-9487

Critical
Reference: CVE-2014-9487
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9487
Title: MediaWiki Improper Restriction of XML External Entity Reference Vulnerability
Overview:

The getid3 library in MediaWiki before 1.24.1 1.23.8 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files cause a denial of service or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.