Description
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.
Remediation
References
Related Vulnerabilities
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Open Redirect (4.4.1)
WordPress Plugin Add Link to Facebook Cross-Site Scripting (2.2.7)
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2101)
WordPress Plugin Vertical SlideShow 'upload.php' Arbitrary File Upload (2.1)
OpenSSL Improper Input Validation Vulnerability (CVE-2008-5077)