CVE-2014-9277
CVSS v2.0
7.5 (High)
EPSS
3.29 % (91th)
Affected Products
1
Advisories
2
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.
Weaknesses
- CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2015-01-04 21:59:02
(9 years ago) - Updated Date
-
2015-01-06 16:46:13
(9 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...