Arbitrary File Read Vulnerability in MediaWiki

CVE-2015-8625 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.