MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 5.0 | |
debian_linux | eq | 6.0 | |
mediawiki | lt | 1.17.1 |