2017-10-16 12:31:07 -04:00
{
2019-03-18 02:17:16 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org" ,
"ID" : "CVE-2015-8625" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a" ,
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
2017-10-16 12:31:07 -04:00
{
2019-03-18 02:17:16 +00:00
"lang" : "eng" ,
"value" : "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters."
2017-10-16 12:31:07 -04:00
}
2019-03-18 02:17:16 +00:00
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "n/a"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12" ,
"refsource" : "MLIST" ,
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
} ,
{
"name" : "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12" ,
"refsource" : "MLIST" ,
"url" : "http://www.openwall.com/lists/oss-security/2015/12/23/7"
} ,
{
"name" : "https://phabricator.wikimedia.org/T118032" ,
"refsource" : "CONFIRM" ,
"url" : "https://phabricator.wikimedia.org/T118032"
} ,
{
"name" : "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12" ,
"refsource" : "MLIST" ,
"url" : "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
]
}
}
