MediaWiki is prone to an information-disclosure vulnerability because it fails to properly restrict the posting of remote images. An attacker can exploit this vulnerability to have users view remote images, which may aid in further attacks. Versions prior to MediaWiki 1.15.2 are vulnerable.

Updates are available. Please see the references for more information.

• http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
• http://wikipedia.sourceforge.net/
• http://www.securityfocus.com/bid/38621

---

Updated on 2015-03-25