Description

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.

Remediation

References

CVE-2016-6335

Related Vulnerabilities

WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)

WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.16)

Oracle Database Server CVE-2019-2571 Vulnerability (CVE-2019-2571)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.6)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7923)

Severity

High

Classification

CVE-2016-6335 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities