Description
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
PostgreSQL CVE-2023-2454 Vulnerability (CVE-2023-2454)
Oracle HTTP Server Other Vulnerability (CVE-2004-2115)
WordPress Plugin Insert or Embed Articulate Content into WordPress Security Bypass (4.2996)
Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-22504)