Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4569)

Description

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Editor Cross-Site Scripting (1.2.6.2)

WordPress Plugin Comment Rating 'path' Parameter Cross-Site Scripting (2.9.20)

WordPress Plugin Portfolio Responsive Gallery SQL Injection (1.1.7)

Oracle JRE CVE-2018-2627 Vulnerability (CVE-2018-2627)

WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.6)

Severity

Medium

Classification

CVE-2013-4569 CWE-200

Tags

Missing Update Known Vulnerabilities