Your submission was sent successfully! Close

CVE-2013-4301

Published: 27 October 2013

includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.

Priority

Low

Status

Package Release Status
mediawiki
Launchpad, Ubuntu, Debian
lucid Ignored

precise Ignored

quantal Ignored

raring Ignored

saucy Ignored

upstream
Released (1:1.19.8+dfsg-1)