Vulnerabilities > Mediawiki > Mediawiki > 1.16

DATE CVE VULNERABILITY TITLE RISK
2012-01-08 CVE-2011-4361 Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
network
low complexity
mediawiki CWE-264
5.0
5.0
2012-01-08 CVE-2011-4360 Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT
MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.
network
low complexity
mediawiki CWE-264
5.0
5.0
2011-04-27 CVE-2010-2789 Code Injection vulnerability in Mediawiki 1.16
PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.
network
mediawiki CWE-94
6.8
6.8