Description
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Page Builder Cross-Site Scripting (1.2.6)
WordPress Plugin AccessPress Anonymous Post Pro Arbitrary File Upload (3.1.9)
ownCloud Improper Access Control Vulnerability (CVE-2014-2048)
WordPress Plugin Easy Coming Soon Cross-Site Scripting (1.6.2)
qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-45856)