Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-1999-0738)
WordPress Plugin uContext for Amazon Cross-Site Request Forgery (3.9.1)
MySQL CVE-2014-6559 Vulnerability (CVE-2014-6559)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7364)
WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.2)