Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Incorrect Default Permissions Vulnerability (CVE-2017-0369)

Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

Remediation

References

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-1889)

WordPress Plugin DeMomentSomTres Subscribe Cross-Site Scripting (201909190900)

WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1)

WordPress Plugin Two-Factor Authentication-Clockwork SMS Cross-Site Scripting (1.0.3)

WordPress Plugin Browser Screenshots Cross-Site Scripting (1.7.5)

Severity

Medium

Classification

CVE-2017-0369 CWE-276 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities