High severity7.5NVD Advisory· Published Mar 23, 2017· Updated Jun 17, 2026
CVE-2015-8625
CVE-2015-8625
Description
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*range: <=1.23.11
- cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*
- (no CPE)range: <1.23.12, <1.24.5, <1.25.4, <1.26.1
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2015/12/21/8nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2015/12/23/7nvdMailing ListPatchThird Party Advisory
- lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.htmlnvdPatchRelease NotesVendor Advisory
- phabricator.wikimedia.org/T118032nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.