Two vulnerabilities in MediaWiki version up to 1.15.2
In the popular MediaWiki wiki engine, which runs Wikipedia and a large part of wiki sites on the Internet, several vulnerabilities have been found.
The first vulnerability is found in the CSS verification code: with its help, a user with editor rights can insert an image from external resources on the pages of a wiki site. This, in turn, can lead to the collection of potentially important data - the IP of visitors, the pages they are viewing, and so on.
The second flaw is found in the script thumb.php. Under certain conditions, the visitor can bypass the access restrictions to personal files (images), organized using img_auth.php.
To eliminate the vulnerabilities, you need to upgrade to version 1.15.2 .
The first vulnerability is found in the CSS verification code: with its help, a user with editor rights can insert an image from external resources on the pages of a wiki site. This, in turn, can lead to the collection of potentially important data - the IP of visitors, the pages they are viewing, and so on.
The second flaw is found in the script thumb.php. Under certain conditions, the visitor can bypass the access restrictions to personal files (images), organized using img_auth.php.
To eliminate the vulnerabilities, you need to upgrade to version 1.15.2 .
')
Source: https://habr.com/ru/post/87106/
All Articles