Description

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.

Remediation

References

CVE-2023-36674

Related Vulnerabilities

WordPress Plugin WordPress Firewall 2 Multiple Vulnerabilities (1.3)

OpenSSL Other Vulnerability (CVE-2014-3505)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-14722)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10095)

WordPress Plugin File Manager Unspecified Vulnerability (5.1.5)

Severity

Medium

Classification

CVE-2023-36674 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities