CVE-2008-5687

high

Description

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

References

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/47678

http://secunia.com/advisories/33349

http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html

Details

Source: Mitre, NVD

Published: 2008-12-19

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00373