Description
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.
Remediation
References
Related Vulnerabilities
PHP Out-of-bounds Read Vulnerability (CVE-2019-11046)
PleskWin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0132)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0218)
WordPress Plugin NOSpamPTI SQL Injection (2.1)
Apache Traffic Server CVE-2023-41752 Vulnerability (CVE-2023-41752)