---

CVE-2017-0367 - log back

CVE-2017-0367 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Arbitrary code execution
Description	+ MediaWiki before 1.28.1 uses the default system temporary directory for the LocalisationCache directory, allowing a local attacker to execute arbitrary code as the web user by crafting a cache file whose content will be passe to unserialize().
References	+ https://phabricator.wikimedia.org/T161453 + https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Notes