Skip to main content

Mediawiki CVE-2013-4570

MEDIUM
2014-05-12 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
May 12, 2014 - 14:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

AnalysisAI

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function. Affected products include: Mediawiki. Version information: before 1.19.10.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-1610 MEDIUM POC
6.0 Jan 30

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is

CVE-2015-8009 CRITICAL POC
9.8 Jul 25

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4,

CVE-2023-37303 CRITICAL POC
9.8 Jun 30

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. Rated critical severity (CVSS 9.8), thi

CVE-2022-29906 CRITICAL POC
9.8 Apr 29

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf

CVE-2022-29904 CRITICAL POC
9.8 Apr 29

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQ

CVE-2022-28206 CRITICAL POC
9.8 Mar 30

An issue was discovered in MediaWiki through 1.37.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2022-28205 CRITICAL POC
9.8 Mar 30

An issue was discovered in MediaWiki through 1.37.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2021-36128 CRITICAL POC
9.8 Jul 02

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Rated critical severity (CVSS 9.8), this

CVE-2021-36126 CRITICAL POC
9.8 Jul 02

An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. Rated critical severity (CVSS 9.8), this

CVE-2017-8809 CRITICAL
9.8 Nov 15

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnera

CVE-2021-36132 HIGH POC
8.8 Jul 02

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. Rated high severity (CVSS 8.8), this vu

CVE-2014-9277 HIGH POC
7.5 Jan 04

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14,

Share

CVE-2013-4570 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy