Description

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.

Remediation

References

CVE-2015-8004

Related Vulnerabilities

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3631)

WordPress Plugin Contact Form by Supsystic Cross-Site Scripting (1.7.19)

WordPress Plugin WP Construction Mode Cross-Site Request Forgery (1.8)

Oracle JRE CVE-2013-5782 Vulnerability (CVE-2013-5782)

WordPress Plugin Advanced Dynamic Pricing for WooCommerce Multiple Vulnerabilities (4.1.5)

Severity

Medium

Classification

CVE-2015-8004 CWE-264

Tags

Missing Update Known Vulnerabilities