Vulnerability details: VCID-gu1t-6ste-aaan
Vulnerability ID VCID-gu1t-6ste-aaan
Aliases CVE-2014-9277
Summary The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9277.html
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2014-9277
epss 0.01191 https://api.first.org/data/v1/epss?cve=CVE-2014-9277
epss 0.02784 https://api.first.org/data/v1/epss?cve=CVE-2014-9277
epss 0.03087 https://api.first.org/data/v1/epss?cve=CVE-2014-9277
epss 0.03291 https://api.first.org/data/v1/epss?cve=CVE-2014-9277
generic_textual Medium https://bugzilla.wikimedia.org/show_bug.cgi?id=71478
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9277
generic_textual Medium https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2014-9277
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9277.html
https://api.first.org/data/v1/epss?cve=CVE-2014-9277
https://bugzilla.wikimedia.org/show_bug.cgi?id=71478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9277
http://securitytracker.com/id?1031301
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html
https://phabricator.wikimedia.org/T73478
http://www.debian.org/security/2014/dsa-3100
http://www.openwall.com/lists/oss-security/2014/12/03/9
http://www.openwall.com/lists/oss-security/2014/12/04/16
772764 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772764
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*
CVE-2014-9277 https://nvd.nist.gov/vuln/detail/CVE-2014-9277
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-9277
Exploit Prediction Scoring System (EPSS)
Percentile 0.72966
EPSS Score 0.00862
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.