Description
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
Remediation
References
Related Vulnerabilities
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)
WordPress Plugin Yoast SEO Cross-Site Scripting (21.0)
WordPress Plugin Genesis Simple Defaults Arbitrary File Upload (1.0.0)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3176)
WordPress Plugin ECPay Logistics for WooCommerce Cross-Site Scripting (1.2.181030)