CVE-2008-5687 Mediawiki vulnerability

CWE-264 | 7 documents | 6 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 37.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 19
Latest update: May 17

Description

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/mediawiki < mediawiki 1:1.13.3-1 (bookworm)
Debian: mediawiki/mediawiki < 1:1.13.3-1 +3
NVD: mediawiki/mediawiki 10 versions +9

🔴 Vulnerability Details (2)

GHSA: GHSA-jjqg-xp72-5w5q: MediaWiki 1 (2022-05-17)
OSV: CVE-2008-5687: MediaWiki 1 (2008-12-19)

💥 Exploits & PoCs (1)

Exploit-DB: Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC) (2008-05-29)

📋 Vendor Advisories (1)

Debian: CVE-2008-5687: mediawiki - MediaWiki 1.11, and other versions before 1.13.3, does not properly protect agai... (2008)

💬 Community (2)

Bugzilla: mediawiki: multiple XSS and CSRF issues (CVE-2008-5249, CVE-2008-5250, CVE-2008-5252, CVE-2008-5687, CVE-2008-5688) (2008-12-16)
Bugzilla: CVE-2008-2549 acroread: crash and possible code execution (2008-06-05)