Description

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.

Remediation

References

CVE-2010-1190

Related Vulnerabilities

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9599)

WordPress Plugin Persian Woocommerce SMS Cross-Site Scripting (3.3.2)

MediaWiki Improper Privilege Management Vulnerability (CVE-2021-44857)

WordPress Plugin spam-byebye Cross-Site Scripting (2.2.1)

WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)

Severity

Medium

Classification

CVE-2010-1190 CWE-264

Tags

Missing Update Known Vulnerabilities