CVE-2021-36132

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...

PT-2022-18875 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.37.1 Description: An issue was discovered in the ImportPlanValidator.php file of the FileImporter extension, where it mishandles the check for edit rights. Recommendations: For MediaWiki versions through 1.37.1,...

PT-2021-21129 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the FileImporter extension. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus...

CVE-2020-26121

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload...

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-38683)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.0, which stems from...

PT-2020-16300 · Wikimedia +1 · Fileimporter Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.34.4 FileImporter extension for MediaWiki versions prior to 1.34.4 Description: An issue in the FileImporter extension allows an attacker to import a file into a protected page, bypassing "page creation"...