Description

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.

Remediation

References

CVE-2020-25869

Related Vulnerabilities

WordPress Plugin LearnDash LMS SQL Injection (3.1.5)

WordPress Plugin Husker Portfolio Cross-Site Request Forgery (0.3)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1130)

WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6)

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard Cross-Site Scripting (2.0.12)

Severity

High

Classification

CVE-2020-25869 CWE-755 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities