Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2023-79688
HistorySep 27, 2023 - 12:00 a.m.

Mediawiki input validation error vulnerability (CNVD-2023-79688)

2023-09-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
mediawiki
vulnerability
input validation
xml files
administrator
exploit

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

46.8%

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An input validation error vulnerability exists in Mediawiki version v1.40.0 that stems from not validating namespaces used in XML files. An attacker can exploit the vulnerability to become an administrator by sending a malicious link to an instance administrator.

CPENameOperatorVersion
mediawiki mediawiki veq1.40.0

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

46.8%