Description
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
Remediation
References