Launchpad.net

CVE 2014-1686

MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.

See the CVE page on Mitre.org for more details.