Description
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
Remediation
References
Related Vulnerabilities
Jboss EAP CVE-2012-4529 Vulnerability (CVE-2012-4529)
PHP Resource Management Errors Vulnerability (CVE-2010-2093)
Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)
MySQL CVE-2020-2765 Vulnerability (CVE-2020-2765)
WordPress Plugin IMPress for IDX Broker Unspecified Vulnerability (2.5.11)