Description
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
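An audit check for the bypass described above, added here as an example and not taken from MediaWiki or from this advisory. It flags pages whose File syntax passes a Bad image list entry through the manual thumb parameter. The list format (a `*` line whose first link is the file and whose later links are exempt pages), the `thumb=`/`thumbnail=` keywords, the simplified title normalisation, and all names and sample wikitext are assumptions constructed for illustration.

```python
import re

NS_RE = re.compile(r"^\s*:?\s*(?:File|Image)\s*:\s*", re.I)

def norm_page(title):
    """Simplified title normalisation (assumption): underscores to spaces, first letter upper-case."""
    title = " ".join(title.replace("_", " ").split())
    return title[:1].upper() + title[1:]

def norm_file(name):
    """Normalise a file title after dropping any File:/Image: prefix."""
    return norm_page(NS_RE.sub("", name))

def parse_bad_list(text):
    """Map each listed file to the set of pages on which it is still allowed."""
    bad = {}
    for line in text.splitlines():
        if line.startswith("*"):
            links = re.findall(r"\[\[([^|\]]+)", line)
            if links:
                bad[norm_file(links[0])] = {norm_page(p.lstrip(": ")) for p in links[1:]}
    return bad

def embeds(wikitext):
    """Yield the inner text of each [[File:...]] embed, honouring nested [[links]] in captions."""
    for m in re.finditer(r"\[\[\s*(?:File|Image)\s*:", wikitext, re.I):
        depth, i = 1, m.end()
        while i < len(wikitext) and depth:
            if wikitext.startswith("[[", i):
                depth, i = depth + 1, i + 2
            elif wikitext.startswith("]]", i):
                depth, i = depth - 1, i + 2
            else:
                i += 1
        if depth == 0:
            yield wikitext[m.end():i - 2]

def find_bypasses(page_title, wikitext, bad):
    """Return (embedded file, manual thumb file) pairs where the thumb is a listed file."""
    hits = []
    for inner in embeds(wikitext):
        target, *opts = inner.split("|")
        for opt in opts:
            m = re.match(r"\s*(?:thumb|thumbnail)\s*=\s*(.+?)\s*$", opt, re.I | re.S)
            if m and norm_file(m.group(1)) in bad:
                thumb = norm_file(m.group(1))
                if norm_page(page_title) not in bad[thumb]:
                    hits.append((norm_file(target), thumb))
    return hits

# Constructed sample data, not from any real wiki.
BAD_LIST = "* [[:File:Shock_image.jpg]] except on [[Medical article]]\n"
SAMPLE = "[[File:Harmless.png|thumb=Shock image.jpg|caption with [[link]]]]"
```

Run it over page text exported from a wiki that has not yet been upgraded to one of the fixed releases to find existing uses that should be reviewed.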
Remediation
References