2 matches found
Session fixation
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...
CVE-2016-6337
MediaWiki 1.27.x prior to 1.27.1 is vulnerable to a remote access bypass: a attacker could exploit a path via UserGetRights after Session::getAllowedUserRights to bypass session restrictions. The issue affects the specified MediaWiki 1.27.x range and enables partial authentication to bypass acces...