MediaWiki prior to 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote malicious users to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |
||
debian debian linux 5.0 |
||
debian debian linux 6.0 |