Arbitrary File Read Vulnerability in MediaWiki
CVE-2015-8625 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.
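
The class of bug described above comes from PHP's cURL binding: when `CURLOPT_POSTFIELDS` is given an array, older PHP versions treat a value beginning with `@` as the path of a local file to upload. The following is an added example of a defensive wrapper, not MediaWiki's actual patch and not code from the original page; the function names `encode_post_fields` and `safe_curl_post` and the sample values are hypothetical.

```php
<?php
// Added illustration only. Function names are hypothetical, not MediaWiki code.

/**
 * Turn an array of POST fields into a URL-encoded string.
 * A string body is sent as application/x-www-form-urlencoded and is never
 * scanned for the legacy "@file" upload syntax, so a leading "@" in
 * untrusted input stays literal data ("%40...").
 */
function encode_post_fields($postData)
{
    if (is_array($postData)) {
        return http_build_query($postData, '', '&');
    }
    return (string)$postData;
}

/**
 * Create a cURL handle for a POST whose field values may be attacker-influenced.
 */
function safe_curl_post($url, $postData)
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }

    // PHP >= 5.5 exposes this option; enabling it disables "@file" handling
    // even if some other caller later passes an array.
    if (defined('CURLOPT_SAFE_UPLOAD')) {
        curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
    }

    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, encode_post_fields($postData));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    return $ch;
}

// Constructed sample input: a user-supplied value that starts with "@".
$fields = array('title' => 'Sandbox', 'summary' => '@constructed-sample-value');
echo encode_post_fields($fields), "\n";
// The "@" is percent-encoded as %40 and is sent as plain form data.

$ch = safe_curl_post('https://wiki.example.invalid/api.php', $fields);
curl_close($ch); // handle built but never executed; the URL is a placeholder
```

Intentional file uploads should go through `CURLFile` rather than the `@` prefix, so that only paths chosen by the application are ever read.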