Description

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

Remediation

References

CVE-2023-45369

Related Vulnerabilities

WordPress Plugin Total GDPR Compliance Lite-WordPress for GDPR Compatibility includes Backdoor [Only if downloaded via the vendor website] (1.0.4)

MySQL CVE-2016-5441 Vulnerability (CVE-2016-5441)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2202)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4997)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2018-1302)

Severity

Medium

Classification

CVE-2023-45369 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities