Description MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. Remediation References CVE-2014-1686 Related Vulnerabilities WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Cross-Site Scripting (6.1) WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.3.1) WordPress Plugin WordPoints Multiple Vulnerabilities (1.10.2) WordPress Plugin Data Tables Generator by Supsystic Security Bypass (1.10.25) Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720) Severity Medium Classification CVE-2014-1686 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities