Mediawiki : Security Vulnerabilities, CVEs, Published In 2015 (Information Leak) CVSS score >= 5

CVE-2015-8005

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.
Max CVSS
5.0
EPSS Score
0.31%
Published
2015-11-09
Updated
2015-11-10

CVE-2015-6727

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
Max CVSS
5.0
EPSS Score
0.63%
Published
2015-09-01
Updated
2015-09-02

CVE-2015-2935

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."
Max CVSS
5.0
EPSS Score
0.80%
Published
2015-04-13
Updated
2016-12-07

CVE-2013-7444

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
Max CVSS
5.0
EPSS Score
0.63%
Published
2015-09-01
Updated
2015-09-02
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close