Description
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.9.3)
phpMyAdmin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000013)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.28)
CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288)
WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Request Forgery (7.8)