Description
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
Remediation
References
Related Vulnerabilities
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-0219)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (5.5)
WordPress Plugin No Follow All External Links Spam Injection (2.3.0)
WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3)
Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9187)