Vulnerabilities > Mediawiki > Mediawiki > 1.16
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-01-08 | CVE-2011-4361 | Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. | 5.0 |
2012-01-08 | CVE-2011-4360 | Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter. | 5.0 |
2011-04-27 | CVE-2010-2789 | Code Injection vulnerability in Mediawiki 1.16 PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 6.8 |