Description
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.
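The following is an added example, not MediaWiki code and not taken from this advisory: a Python sketch of the class of check the description refers to, comparing a raw-string block lookup with one that canonicalizes zero-padded octets first. The function names, the blocklist and the sample address (from the TEST-NET-3 documentation range) are constructed for illustration.

```python
import re

# Dotted-decimal IPv4: four ASCII-digit groups. Zero-padding is accepted on
# input so it can be stripped, rather than leaving two spellings of one host.
_DOTTED_QUAD = re.compile(r"([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)")


def canonical_ipv4(addr):
    """Return addr with each octet in minimal decimal form, or None if addr
    is not a valid dotted-decimal IPv4 address. Octets are always parsed as
    base 10, never as octal."""
    m = _DOTTED_QUAD.fullmatch(addr.strip())
    if m is None:
        return None
    octets = [int(group, 10) for group in m.groups()]
    if any(octet > 255 for octet in octets):
        return None
    return ".".join(str(octet) for octet in octets)


# Constructed sample blocklist. Entries are canonicalized when loaded so both
# sides of every comparison use the same spelling.
BLOCKED = {canonical_ipv4(a) for a in ["203.0.113.7", "203.000.113.009"]}


def is_blocked_naive(addr):
    """Flawed check: compares the caller-supplied string as-is."""
    return addr in BLOCKED


def is_blocked_normalized(addr):
    """Canonicalize before lookup. Unparseable input is treated as blocked
    (fail closed); that policy is an assumption of this example."""
    canon = canonical_ipv4(addr)
    if canon is None:
        return True
    return canon in BLOCKED


if __name__ == "__main__":
    for candidate in ["203.0.113.7", "203.000.113.007", "203.0.113.8"]:
        print(candidate, is_blocked_naive(candidate),
              is_blocked_normalized(candidate))
```

The same canonicalization belongs wherever an address is stored, logged or compared, so that a block, an allowlist entry and an audit record for one host always agree.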
Remediation
References