Description
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.
Remediation
References
Related Vulnerabilities
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2022-48565)
axios Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2026-44494)
WordPress Plugin WooCommerce Cross-Site Scripting (5.1.0)
Oracle Database Server CVE-2013-5764 Vulnerability (CVE-2013-5764)