Description

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

Remediation

References

CVE-2008-5687

Related Vulnerabilities

Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3246)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3742)

Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999047)

Roundcube Improper Input Validation Vulnerability (CVE-2011-1491)

Django Uncontrolled Recursion Vulnerability (CVE-2019-14235)

Severity

Medium

Classification

CVE-2008-5687 CWE-264

Tags

Missing Update Known Vulnerabilities