WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-13258)

Description

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.

Remediation

References

Related Vulnerabilities

WordPress Plugin Acunetix Secure WordPress Cross-Site Scripting (3.0.3)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0309)

WildFly Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0793)

WordPress Plugin WPtouch 'wptouch_settings' Parameter Cross-Site Scripting (1.9.20)

WordPress Plugin Image Photo Gallery Final Tiles Grid Cross-Site Scripting (3.4.18)

Severity

Medium

Classification

CVE-2018-13258 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities