National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mediawiki:mediawiki:1.17.3
There are 102 matching records.
Displaying matches 101 through 102.
Vuln ID Summary CVSS Severity
CVE-2011-4361

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.

Published: January 08, 2012; 06:55:19 AM -05:00
    V2: 5.0 MEDIUM
CVE-2011-4360

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

Published: January 08, 2012; 06:55:18 AM -05:00
    V2: 5.0 MEDIUM