Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2015-8005 - Vulnerability Database
MediaWiki

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2015-8005

Medium
Reference: CVE-2015-8005
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-8005
Title: MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

MediaWiki before 1.23.11 1.24.x before 1.24.4 and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.