Description
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2012-3146 Vulnerability (CVE-2012-3146)
OpenSSL DEPRECATED: Code Vulnerability (CVE-2015-0290)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Request Forgery (4.2.3)
Grafana Files or Directories Accessible to External Parties Vulnerability (CVE-2026-33380)
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003003)