CVE-2018-13258

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn’t be web accessible.

Date published : 2018-10-04

https://phabricator.wikimedia.org/T199029

https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html