Metasploit modules that can be used to exploit Mediawiki » Mediawiki » 1.9.0 rc2

Order by Disclosure Date Module Name Module Type
  • MediaWiki SyntaxHighlight extension option injection vulnerability
    Disclosure Date: 2017-04-06
    First seen: 2020-04-26
    exploit/multi/http/mediawiki_syntaxhighlight
    This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed & enabled. This extension ships with the AIO package of MediaWiki version 1.27.x & 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3. Authors: - Yorick Koster
1 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close