Description

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.

Remediation

References

CVE-2011-4361

Related Vulnerabilities

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Security Bypass (2.0.13)

WordPress Plugin Prevent files/folders access Cross-Site Request Forgery (1.1.1)

Internet Information Services Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-1999-0007)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Request Forgery (2.0.2)

WordPress Directory Traversal (3.7 - 5.0.3)

Severity

Medium

Classification

CVE-2011-4361 CWE-276

Tags

Missing Update Known Vulnerabilities