Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

Remediation

References

CVE-2023-45371

Related Vulnerabilities

WebLogic CVE-2020-2829 Vulnerability (CVE-2020-2829)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31799)

phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-11767)

Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6787)

WordPress Plugin WooCommerce Catalog Enquiry Arbitrary File Upload (3.0.0)

Severity

High

Classification

CVE-2023-45371 CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities