QwikSec

Security Database

CVE

CWE

Training

CVE-2010-1190

Published: Mar 31, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

[MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2

mailing-list

x_refsource_MLIST

SUSE-SR:2010:010

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.