Description
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
Remediation
References
Related Vulnerabilities
WordPress Plugin Analytics Cross-Site Scripting (1.2.3)
WordPress Plugin YOP Poll Cross-Site Scripting (5.7.3)
PostgreSQL Improper Input Validation Vulnerability (CVE-2013-0255)
WordPress Plugin Seo Spy Arbitrary File Upload (2.6)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0837)