MediaWiki Multiple Remote Vulnerabilities

MediaWiki is prone to an HTML-injection vulnerability, a security-bypass vulnerability, and a remote file-include vulnerability.

Attackers can exploit these issues to execute remote files within the context of the web server process, execute arbitrary script code in the context of the website, steal cookie-based authentication information, disclose sensitive information, or bypass certain security restrictions.

Versions prior to MediaWiki 1.20.4 and 1.19.5 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus