Mediawiki : Security Vulnerabilities, CVEs, Published In 2015 (Information Leak) CVSS score >= 5
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.
Max CVSS
5.0
EPSS Score
0.31%
Published
2015-11-09
Updated
2015-11-10
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
Max CVSS
5.0
EPSS Score
0.63%
Published
2015-09-01
Updated
2015-09-02
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."
Max CVSS
5.0
EPSS Score
0.80%
Published
2015-04-13
Updated
2016-12-07
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
Max CVSS
5.0
EPSS Score
0.63%
Published
2015-09-01
Updated
2015-09-02
4 vulnerabilities found