Description

MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.

Remediation

References

CVE-2008-5688

Related Vulnerabilities

Oracle JRE CVE-2022-21426 Vulnerability (CVE-2022-21426)

WordPress Plugin SB Uploader Arbitrary File Upload (4.1)

MediaWiki Credentials Management Errors Vulnerability (CVE-2015-8009)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-4286)

Backbone.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10537)

Severity

Medium

Classification

CVE-2008-5688 CWE-200

Tags

Missing Update Known Vulnerabilities