CVE-2014-1686by Jeremyin Security Bulletinson Posted on April 16, 2018 MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.