Description

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

Remediation

References

CVE-2016-6336

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20099)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.29)

PHP Numeric Errors Vulnerability (CVE-2012-2386)

WordPress Plugin JobSearch WP Job Board Security Bypass (1.8.1)

WordPress Plugin WP Super Cache Cross-Site Scripting (1.4)

Severity

Medium

Classification

CVE-2016-6336 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities