Mediawiki v1.40.0 does not validate namespaces used in XML files.
Therefore, if the instance administrator allows XML file uploads,
a remote attacker with a low-privileged user account can use this
exploit to become an administrator by sending a malicious link to
the instance administrator.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 10.0 | |
debian_linux | eq | 11.0 | |
mediawiki | eq | 1.40.0 |