Required CVE Record Information
Description
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
References 8 Total
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES
- secunia.com: 39656 third-party-advisory
- debian.org: DSA-2022 vendor-advisory
- lists.wikimedia.org: [MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2 mailing-list
- lists.opensuse.org: SUSE-SR:2010:010 vendor-advisory
- vupen.com: ADV-2010-0685 vdb-entry
- secunia.com: 39022 third-party-advisory
- vupen.com: ADV-2010-1001 vdb-entry
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES x_transferred
- secunia.com: 39656 third-party-advisory x_transferred
- debian.org: DSA-2022 vendor-advisory x_transferred
- lists.wikimedia.org: [MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2 mailing-list x_transferred
- lists.opensuse.org: SUSE-SR:2010:010 vendor-advisory x_transferred
- vupen.com: ADV-2010-0685 vdb-entry x_transferred
- secunia.com: 39022 third-party-advisory x_transferred
- vupen.com: ADV-2010-1001 vdb-entry x_transferred