Description

MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

Remediation

References

CVE-2007-0894

Related Vulnerabilities

jQuery Validation Other Vulnerability (CVE-2021-43306)

Django Improper Output Neutralization for Logs Vulnerability (CVE-2025-48432)

WordPress Plugin miniOrange's Google Authenticator-WordPress Two Factor Authentication (2FA, MFA, OTP SMS and Email)-Passwordless login Cross-Site Scripting (5.4.39)

XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49583)

WordPress Plugin News Element Elementor Blog Magazine Local File Inclusion (1.0.5)

Severity

Medium

Classification

CVE-2007-0894

Tags

Missing Update Known Vulnerabilities