Описание
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-1190
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
- http://secunia.com/advisories/39022
- http://secunia.com/advisories/39656
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES
- http://www.debian.org/security/2010/dsa-2022
- http://www.vupen.com/english/advisories/2010/0685
- http://www.vupen.com/english/advisories/2010/1001
EPSS
CVE ID
Связанные уязвимости
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
thumb.php in MediaWiki before 1.15.2, when used with access-restrictio ...
EPSS