CVE-2008-5688 Information

Description

MediaWiki 1.8.1 and other versions before 1.13.3 when the wgShowExceptionDetails variable is enabled sometimes provides the full installation path in a debugging message which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.

Reference

http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html http://secunia.com/advisories/33349 http://www.mediawiki.org/wiki/Manual:$wgShowExceptionDetails https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html