Description
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
Remediation
References