MediaWiki Incorrect Default Permissions Vulnerability - CVE-2011-4361 - Vulnerability Database

MediaWiki Incorrect Default Permissions Vulnerability - CVE-2011-4361

Medium

Reference: CVE-2011-4361

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-4361

Title: MediaWiki Incorrect Default Permissions Vulnerability

Overview:

MediaWiki before 1.17.1 does not check for read permission before handling actionajax requests which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function or by (2) leveraging an extension as demonstrated by the CategoryTree ExtTab and InlineEditor extensions.