SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2007-0894

MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

http://www.securityfocus.com/archive/1/459793/100/0/threaded

http://bugzilla.wikimedia.org/show_bug.cgi?id=8819

http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=19681

http://zone14.free.fr/advisories/7/

mediawiki-multiple-scripts-path-disclosure(32440)


30479



423868



250038



909



195843



282