Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki CVE-2023-45370 Vulnerability (CVE-2023-45370)

Description

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams.

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-3506)

WordPress Plugin Contact Form Email Information Disclosure (1.2.66)

WordPress Plugin PICA Photo Gallery 'picaPhotosResize.php' Arbitrary File Upload (1.0)

Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-12458)

Severity

Medium

Classification

CVE-2023-45370 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities