CVE-2007-0894 — Mediawiki vulnerability

6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedFeb 12

Latest updateMay 1

Description

MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.10 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.10+3

▶NVDmediawiki/mediawiki77 versions+76

Patches

Patch: svn.wikimedia.org ↗Patch: svn.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-4pg5-q3hf-7698: MediaWiki before 1↗2022-05-01

▶

OSV

CVE-2007-0894: MediaWiki before 1↗2007-02-12

▶

📋Vendor Advisories

Debian

CVE-2007-0894: mediawiki - MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information v...↗2007

▶

💬Community

Bugzilla

CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges↗2007-05-29

▶

Bugzilla

CVE-2007-0894: mediawiki full path disclosure↗2007-02-14

▶