Richard Stanway

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.23.11 MediaWiki versions 1.24.x prior to 1.24.4 MediaWiki versions 1.25.x prior to 1.25.3 **Description** The issue allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file. This is due to the use of the thumbnail ImageMagick command line argument in affected MediaWiki versions. **Recommendations** For MediaWiki versions prior to 1.23.11, update to version 1.23.11 or later. For MediaWiki versions 1.24.x prior to 1.24.4, update to version 1.24.4 or later. For MediaWiki versions 1.25.x prior to 1.25.3, update to version 1.25.3 or later.