Description

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

Remediation

References

CVE-2011-4360

Related Vulnerabilities

ATutor Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-43498)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2133)

Oracle Database Server Create Session privilege issue (CVE-2021-1993)

WordPress Plugin Allopass for WP Cross-Site Scripting (1.0.7)

Apache HTTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-3303)

Severity

Medium

Classification

CVE-2011-4360 CWE-200

Tags

Missing Update Known Vulnerabilities