Description
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams.
Remediation
References
Related Vulnerabilities
WordPress Plugin Watu Quiz Unspecified Vulnerability (2.6)
Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-21809)
Jenkins CVE-2015-7538 Vulnerability (CVE-2015-7538)
Jenkins CVE-2017-2602 Vulnerability (CVE-2017-2602)
Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2014-0224)