MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5687)

Description

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

Remediation

References

CVE-2008-5687

Related Vulnerabilities

WordPress Plugin dsIDXpress IDX Multiple Unspecified Vulnerabilities (2.1.32)

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-12309)

Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2969)

WordPress Plugin SAML SP Single Sign On-SSO login Unspecified Vulnerability (4.8.75)

WordPress Plugin ARForms:Wordpress Form Builder Arbitrary File Deletion (3.5.1)

Severity

Medium

Classification

CVE-2008-5687 CWE-264