Description

MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

Remediation

References

CVE-2007-0894

Related Vulnerabilities

WordPress Plugin Fonts-Google Fonts Typography Cross-Site Scripting (3.0.2)

WordPress Plugin MAZ Loader-Preloader Builder for WordPress Cross-Site Request Forgery (1.4.0)

TYPO3 CVE-2023-38499 Vulnerability (CVE-2023-38499)

Envoy Proxy CVE-2020-25018 Vulnerability (CVE-2020-25018)

phpBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2003-1530)

Severity

Medium

Classification

CVE-2007-0894

Tags

Missing Update Known Vulnerabilities