### 漏洞关键信息 - **漏洞名称**: - `` mal ickkai allows injection in API format=php - **状态**: - Closed, Resolved - **类型**: - Security - **影响范围**: - API clients written in PHP - **关键关键词**: - API format=php - serialize - unserialization - **修复措施**: - Patched in commit: - [https://gerrit.wikimedia.org/r/#/c/174289/](https://gerrit.wikimedia.org/r/#/c/174289/) - [https://gerrit.wikimedia.org/r/#/c/174496/](https://gerrit.wikimedia.org/r/#/c/174496/) - **相关链接**: - [T75574: Host crossdomain.xml master policy file](phabricator.wikimedia.org/D75574) - [T118538: Reduce the usage of API format=php](phabricator.wikimedia.org/D118538) - **历史跟踪**: - November 22, 2014: bzimport raised the priority of this task from Needs Triage to Security-Core. - December 3, 2014: Task resolved. - December 5, 2014: CVE-2014-9277 assigned.