Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-8004)

Description

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.

Remediation

References

Related Vulnerabilities

WordPress Plugin Facebook for WordPress PHP Object Injection (2.2.2)

PHP Out-of-bounds Write Vulnerability (CVE-2015-0235)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3179)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29459)

Severity

Medium

Classification

CVE-2015-8004 CWE-264

Tags

Missing Update Known Vulnerabilities