CVE-2017-0367 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Arbitrary code execution |
| Description | MediaWiki before 1.28.1 uses the default system temporary directory for the LocalisationCache directory, allowing a local attacker to execute arbitrary code as the web user by crafting a cache file whose content will be passe to unserialize(). |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-236 | mediawiki | 1.28.0-1 | 1.28.1-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 07 Apr 2017 | ASA-201704-3 | AVG-236 | mediawiki | High | multiple issues |
| References |
|---|
https://phabricator.wikimedia.org/T161453 https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html |