Description

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

Remediation

References

CVE-2023-37305

Related Vulnerabilities

WordPress Plugin Contact Form DB CSV Injection (2.10.32)

WordPress Plugin Members Import Cross-Site Scripting (1.4.2)

PHP Improper Input Validation Vulnerability (CVE-2015-4604)

MySQL CVE-2024-21193 Vulnerability (CVE-2024-21193)

WordPress Plugin Acobot Live Chat & Contact Form Multiple Vulnerabilities (2.0)

Severity

Medium

Classification

CVE-2023-37305 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities