Description
An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user.
Remediation
References
Related Vulnerabilities
WordPress Plugin iframe Cross-Site Scripting (4.0)
Dolibarr Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-1010054)
WordPress Plugin WordPress Meta Data and Taxonomies Filter (MDTF) PHP Object Injection (1.2.2)
MySQL CVE-2022-21289 Vulnerability (CVE-2022-21289)
phpMyFAQ Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerability (CVE-2023-5866)