Описание
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-5688
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
- http://secunia.com/advisories/33349
- http://www.mediawiki.org/wiki/Manual:$wgShowExceptionDetails
- http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails
Связанные уязвимости
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExce ...