Description
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
Remediation
References
Related Vulnerabilities
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15734)
WordPress Plugin Post Grid, List for WordPress-Content Views Cross-Site Scripting (1.9.0)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4588)
WordPress Plugin Register Plus 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities (3.5.1)