MediaWiki prior to 1.17.1 allows remote malicious users to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |
||
debian debian linux 5.0 |
||
debian debian linux 6.0 |