Description

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.

Remediation

References

CVE-2016-6335

Related Vulnerabilities

WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7890)

Django CVE-2024-41990 Vulnerability (CVE-2024-41990)

Oracle Database Server CVE-2014-4292 Vulnerability (CVE-2014-4292)

Drupal Other Vulnerability (CVE-2006-4002)

Severity

High

Classification

CVE-2016-6335 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities