MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5687)

Description

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

Remediation

References

CVE-2008-5687

Related Vulnerabilities

MySQL CVE-2020-14837 Vulnerability (CVE-2020-14837)

Apache Tomcat Other Vulnerability (CVE-2011-1419)

WordPress 4.8.x Arbitrary File Deletion Vulnerability (4.8 - 4.8.6)

WordPress Plugin Delete All Comments Easily Cross-Site Request Forgery (1.3)

Jenkins Improper Certificate Validation Vulnerability (CVE-2017-1000396)

Severity

Medium

Classification

CVE-2008-5687 CWE-264