Detections
Analytics
MediaWiki < 1.19.17 / 1.21.11 / 1.22.8 / 1.23.1 External SVG Resource
medium Nessus Plugin ID 76405
Language:
Synopsis
The remote web server contains an application that is affected by an input validation vulnerability.Description
According to its version number, the instance of MediaWiki running on the remote host is affected by an error related to SVG file handling that allows unintended usage of external resources.Nessus has not tested for this issue but has instead relied on the application's self-reported version number.
Solution
Upgrade to MediaWiki version 1.19.17 / 1.22.8 / 1.23.1 or later.Note that, while 1.21.11 addresses this vulnerability, the 1.21 branch reached end-of-life in June 2014.
See Also
http://www.nessus.org/u?4ef35312
https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.17
https://www.mediawiki.org/wiki/Release_notes/1.21#MediaWiki_1.21.11
https://www.mediawiki.org/wiki/Release_notes/1.22#MediaWiki_1.22.8
https://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.1
Plugin Details
Severity: Medium
ID: 76405
File Name: mediawiki_1_22_8.nasl
Version: 1.7
Type: remote
Family: CGI abuses
Published: 7/8/2014
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:mediawiki:mediawiki
Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MediaWiki
Patch Publication Date: 6/25/2014
Vulnerability Publication Date: 6/25/2014