WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1190)

Description

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.

Remediation

References

Related Vulnerabilities

MySQL CVE-2022-21326 Vulnerability (CVE-2022-21326)

OpenSSL Numeric Errors Vulnerability (CVE-2008-0891)

PHP version older than 5.2.5

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2930)

Apache Tomcat version older than 6.0.16

Severity

Medium

Classification

CVE-2010-1190 CWE-264

Tags

Missing Update Known Vulnerabilities