Two vulnerabilities in MediaWiki versions prior to 1.15.2

    Several vulnerabilities were found in the popular MediaWiki wiki engine, which runs Wikipedia and a large part of wiki sites on the Internet .
    The first vulnerability was found in the CSS verification code: with its help, a user who has editor rights can insert an image from external resources on the pages of a wiki site. This, in turn, can lead to the collection of potentially important data - IP visitors, pages viewed by them, and so on.
    The second gap was found in the thumb.php script. Under certain conditions, a visitor can circumvent restrictions on access to personal files (images) organized with img_auth.php.
    To eliminate vulnerabilities, you must upgrade to version 1.15.2 .

    Also popular now: