4.3
CVE-2010-1190
- EPSS 1.43%
- Veröffentlicht 31.03.2010 18:00:00
- Zuletzt bearbeitet 16.06.2026 23:17:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.43% | 0.695 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/39656
http://www.vupen.com/english/advisories/2010/1001
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
http://secunia.com/advisories/39022
http://www.debian.org/security/2010/dsa-2022
http://www.vupen.com/english/advisories/2010/0685
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES