Description

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.

Remediation

References

CVE-2015-8005

Related Vulnerabilities

WordPress Plugin FluentSMTP-WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Cross-Site Scripting (2.2.2)

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2046)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6780)

WordPress Plugin Spryng Payments for WooCommerce Cross-Site Scripting (1.6.7)

Nginx CVE-2023-27729 Vulnerability (CVE-2023-27729)

Severity

Medium

Classification

CVE-2015-8005 CWE-200

Tags

Missing Update Known Vulnerabilities