CVE-2010-1190

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.15.2

Description The issue allows remote attackers to bypass intended access restrictions and read private images. This is due to the failure of thumb.php to check user permissions before providing scaled images when used with access-restriction mechanisms.

Recommendations For versions prior to 1.15.2, update to version 1.15.2 or later to resolve the issue.