March 11, 2010 at 08:42Two vulnerabilities in MediaWiki versions prior to 1.15.2
Several vulnerabilities were found in the popular MediaWiki wiki engine, which runs Wikipedia and a large part of wiki sites on the Internet .
The first vulnerability was found in the CSS verification code: with its help, a user who has editor rights can insert an image from external resources on the pages of a wiki site. This, in turn, can lead to the collection of potentially important data - IP visitors, pages viewed by them, and so on.
The second gap was found in the thumb.php script. Under certain conditions, a visitor can circumvent restrictions on access to personal files (images) organized with img_auth.php.
To eliminate vulnerabilities, you must upgrade to version 1.15.2 .
The first vulnerability was found in the CSS verification code: with its help, a user who has editor rights can insert an image from external resources on the pages of a wiki site. This, in turn, can lead to the collection of potentially important data - IP visitors, pages viewed by them, and so on.
The second gap was found in the thumb.php script. Under certain conditions, a visitor can circumvent restrictions on access to personal files (images) organized with img_auth.php.
To eliminate vulnerabilities, you must upgrade to version 1.15.2 .