Description

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.

Remediation

References

CVE-2015-8004

Related Vulnerabilities

WordPress 4.1.x Directory Traversal (4.1 - 4.1.40)

Oracle JRE CVE-2024-20926 Vulnerability (CVE-2024-20926)

Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22881)

Microsoft SQL Server CVE-2023-32027 Vulnerability (CVE-2023-32027)

WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36155)

Severity

Medium

Classification

CVE-2015-8004 CWE-264

Tags

Missing Update Known Vulnerabilities