Description
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Super Cache Cross-Site Scripting (1.4)
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17081)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554)
WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Scripting (1.8.1)