Description

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.

Remediation

References

CVE-2022-28209

Related Vulnerabilities

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress SQL Injection (2.9.55.1)

Oracle Database Server CVE-2009-1969 Vulnerability (CVE-2009-1969)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (3.4.7)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1606)

Severity

Critical

Classification

CVE-2022-28209 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities