Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-36129)

Description

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.

Remediation

References

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-0218)

WordPress Plugin Analytics Remote Code Execution (1.7)

MySQL CVE-2022-21332 Vulnerability (CVE-2022-21332)

CubeCart Improper Input Validation Vulnerability (CVE-2012-0865)

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-11466)

Severity

Medium

Classification

CVE-2021-36129 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities