Description

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.

Remediation

References

CVE-2010-1190

Related Vulnerabilities

Oracle Database Server CVE-2006-3705 Vulnerability (CVE-2006-3705)

WordPress Plugin Calendar Cross-Site Scripting (1.3.7)

WordPress 2.2.1 Multiple Vulnerabilities (2.2.1)

Oracle Database Server CVE-2021-2332 Vulnerability (CVE-2021-2332)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.28)

Severity

Medium

Classification

CVE-2010-1190 CWE-264

Tags

Missing Update Known Vulnerabilities