Description
The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH WooCommerce Quick View Security Bypass (1.3.13)
MySQL CVE-2013-1555 Vulnerability (CVE-2013-1555)
WordPress Plugin Shopp Multiple Vulnerabilities (1.0.17)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Security Bypass (2.2.5)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)