Mediawiki: >> Mediawiki >> 1.11.1 Security Vulnerabilities
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.
CVSS Score
5.0
EPSS Score
0.02
Published
2008-12-19
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.
CVSS Score
4.3
EPSS Score
0.011
Published
2008-12-19
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.
CVSS Score
5.0
EPSS Score
0.015
Published
2008-03-13
Page 30