Path traversal

2008-12-1917:30:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.

CPENameOperatorVersion
mediawikieq1.8.2
mediawikieq1.12.1
mediawikieq1.13.0 rc2
mediawikieq1.9.3
mediawikieq1.12.3
mediawikieq1.9.2
mediawikieq1.12.0
mediawikieq1.10.0 rc2
mediawikieq1.11.2
mediawikieq1.9.4

Name	Operator	Version
mediawiki	eq	1.8.2
mediawiki	eq	1.12.1
mediawiki	eq	1.13.0 rc2
mediawiki	eq	1.9.3
mediawiki	eq	1.12.3
mediawiki	eq	1.9.2
mediawiki	eq	1.12.0
mediawiki	eq	1.10.0 rc2
mediawiki	eq	1.11.2
mediawiki	eq	1.9.4