Description
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).
Remediation
References
Related Vulnerabilities
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)
PHP Other Vulnerability (CVE-2007-1777)
WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)
Jboss EAP Incorrect Authorization Vulnerability (CVE-2026-3009)
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)