Description
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.
Remediation
References
Related Vulnerabilities
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.13)
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27426)
Jboss EAP CVE-2022-4492 Vulnerability (CVE-2022-4492)
PHP Out-of-bounds Read Vulnerability (CVE-2020-7067)
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.12)