Description
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
Remediation
References
Related Vulnerabilities
WordPress Plugin Mass Delete Taxonomies Cross-Site Request Forgery (3.0.0)
WordPress Plugin Quick Chat Cross-Site Scripting (4.14)
ReviveAdserver Improper Authentication Vulnerability (CVE-2016-9124)
PHP Out-of-bounds Read Vulnerability (CVE-2020-7060)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-4978)