XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping (CVE-2017-8808). Reflected File Download from api.php (CVE-2017-8809). On private wikis, login form shouldn’t distinguish between login failure due to bad username and bad password (CVE-2017-8810). It’s possible to mangle HTML via raw message parameter expansion (CVE-2017-8811). The id attribute on headlines allow raw > (CVE-2017-8812). Language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition (CVE-2017-8814). Language converter: unsafe attribute injection via glossary rules (CVE-2017-8815). composer.json has require-dev versions of PHPUnit with known security issues (CVE-2017-9841). Note that MediaWiki 1.23.x on Mageia 5 is no longer supported. Those using the mediawiki package on Mageia 5 should upgrade to Mageia 6.

OSVersionArchitecturePackageVersionFilename
Mageia6noarchmediawiki< 1.27.4-1mediawiki-1.27.4-1.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	mediawiki	< 1.27.4-1	mediawiki-1.27.4-1.mga6

References

bugs.mageia.org/show_bug.cgi?id=22038

lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html

openvas 5

nessus 4

debian 1

freebsd 1

archlinux 1

ubuntucve 8

osv 12

cve 8

debiancve 8

prion 8

cvelist 8

checkpoint_advisories 2

thn 4

veracode 1

cisa_kev 1

packetstorm 1

wpexploit 2

friendsofphp 2

nuclei 1

wpvulndb 2

qualysblog 2

github 4

zdt 1

impervablog 6

attackerkb 1

hackerone 1

gentoo 1

exploitdb 1

threatpost 1

ics 1

cisa 1

oracle 1

openvas

Mageia: Security Advisory (MGASA-2017-0429)

2022-01-28 00:00:00

Debian: Security Advisory (DSA-4036-1)

2017-11-14 00:00:00

MediaWiki Multiple Vulnerabilities (Nov 2017) - Windows

2017-11-16 00:00:00

nessus

Debian DSA-4036-1 : mediawiki - security update

2017-11-16 00:00:00

FreeBSD : mediawiki -- multiple vulnerabilities (298829e2-ccce-11e7-92e4-000c29649f92)

2017-11-20 00:00:00

GLSA-201711-15 : PHPUnit: Remote code execution

2017-11-20 00:00:00

debian

[SECURITY] [DSA 4036-1] mediawiki security update

2017-11-15 21:58:29

freebsd

mediawiki -- multiple vulnerabilities

2017-11-14 00:00:00

archlinux

[ASA-201711-20] mediawiki: multiple issues

2017-11-15 00:00:00

ubuntucve

CVE-2017-8810

2017-11-15 00:00:00

CVE-2017-8809

2017-11-15 00:00:00

CVE-2017-8808

2017-11-15 00:00:00

osv

CVE-2017-8810

2017-11-15 08:29:00

CVE-2017-8809

2017-11-15 08:29:00

CVE-2017-8808

2017-11-15 08:29:00

cve

CVE-2017-8809

2017-11-15 08:29:00

CVE-2017-8810

2017-11-15 08:29:00

CVE-2017-8814

2017-11-15 08:29:00

debiancve

CVE-2017-8809

2017-11-15 08:29:00

CVE-2017-8810

2017-11-15 08:29:00

CVE-2017-8815

2017-11-15 08:29:00

prion

Design/Logic Flaw

2017-11-15 08:29:00

Arbitrary file deletion

2017-11-15 08:29:00

Hardcoded credentials

2017-11-15 08:29:00

cvelist

CVE-2017-8809

2017-11-15 08:00:00

CVE-2017-8810

2017-11-15 08:00:00

CVE-2017-8808

2017-11-15 08:00:00

checkpoint_advisories

MediaWiki Reflected Cross-Site Scripting (CVE-2017-8809)

2020-01-29 00:00:00

PHPUnit Command Injection (CVE-2017-9841)

2019-11-04 00:00:00

thn

KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms

2020-10-29 10:02:00

Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments

2023-11-03 13:12:00

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

2024-03-21 12:48:00

veracode

Remote Code Execution (RCE)

2017-06-28 01:33:54

cisa_kev

PHPUnit Command Injection Vulnerability

2022-02-15 00:00:00

packetstorm

PHP Unit 4.8.28 Remote Code Execution

2022-02-02 00:00:00

wpexploit

Multiple Plugins - Unauthenticated RCE via PHPUnit

2017-08-26 00:00:00

Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit

2020-03-25 00:00:00

friendsofphp

RCE vulnerability in phpunit

2016-11-13 17:52:50

RCE vulnerability in phpunit

2016-11-13 17:52:50

nuclei

PHPUnit - Remote Code Execution

2020-08-07 08:02:28

wpvulndb

Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit

2020-03-25 00:00:00

Multiple Plugins - Unauthenticated RCE via PHPUnit

2017-08-26 00:00:00

qualysblog

Risk Fact #4: Malware in your Cloud means Exploitation is underway

2023-08-29 08:02:57

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

github

PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841

2020-01-07 17:20:47

PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841

2020-01-08 03:10:44

PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841

2020-01-08 03:10:30

zdt

PHP Unit 4.8.28 - Remote Code Execution (Unauthenticated) Exploit

2022-02-02 00:00:00

impervablog

CrimeOps of the KashmirBlack Botnet – Part I

2020-10-22 13:07:28

The Resurrection of PHPUnit RCE Vulnerability

2020-02-18 18:27:41

The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice

2018-09-26 16:18:36

attackerkb

CVE-2017-9841

2017-06-27 00:00:00

hackerone

8x8: Exposed PHP dependencies at ██.8x8.com

2021-03-22 17:56:43

gentoo

PHPUnit: Remote code execution

2017-11-19 00:00:00

exploitdb

PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)

2022-02-02 00:00:00

threatpost

Threatlist: Hackers Turn to Python as Attack Coding Language of Choice

2018-09-27 20:08:07

ics

Known Indicators of Compromise Associated with Androxgh0st Malware

2024-01-16 12:00:00

cisa

CISA Adds Nine Known Exploited Vulnerabilities to Catalog

2022-02-15 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.975 High

EPSS

Percentile

100.0%

JSON

Related for MGASA-2017-0429