Showing 1 - 2 of 2

CVE-2017-0372

Status Candidate

Overview

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

MediaWiki SyntaxHighlight Extension Option Injection: Posted May 20, 2017; Authored by Yorick Koster | Site metasploit.com; This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.; tags | exploit, root, php; advisories | CVE-2017-0372; SHA-256 | 42e48276927339958a36dbb2f1b6e10a0ccdc795bdf63b73b3596ebd982b5dac; Download | Favorite | View

SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting: Posted Apr 29, 2017; Authored by Yorick Koster, Securify B.V.; A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.; tags | exploit, arbitrary, php, xss; advisories | CVE-2017-0372; SHA-256 | 50546f158305a6607d2ea38624dad8d3ab66ba8a94154dea7e2eb2e025f51253; Download | Favorite | View

Page 1 of 1 Back 1 Next