https://bugzilla.wikimedia.org/show_bug.cgi?id=54837
Web browser: ---
Bug ID: 54837
Summary: Extension Poses Security Risks
Product: MediaWiki extensions
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: Unprioritized
Component: ReplaceText
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
Usage of this extension has been known to pose SEVERE SECURITY RISKS on sites
that only use the default settings. Security measures for special page
extensions should be used to prevent unauthorized usage which may lead to site
and or server hijacking. The extension has vulnerabilities in various areas,
including the usage of globals, PHP and MySQL database classes.
Note: Typical passwords will not prevent a breach against your site(s) if this
extension is used.
It is strongly suggested that users of the extension refrain until an official
version resolving the vulnerability is released; if usage is continued without
resolution, then editing variables and re-declaring functions is suggested. Do
not leave extension exposed on special page, if so, any user on the site will
be able to change bulk content. Do not use if local settings have been leaked
online; you may need to re-install the entire MediaWiki application if so.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
