Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

Remediation

References

CVE-2023-45371

Related Vulnerabilities

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7829)

WordPress Plugin WP People 'wp-people-popup.php' SQL Injection (2.0)

Artifactory Missing Authorization Vulnerability (CVE-2019-10323)

WordPress Plugin BulletProof Security Cross-Site Scripting (.47)

phpMyAdmin Improper Authentication Vulnerability (CVE-2022-23807)

Severity

High

Classification

CVE-2023-45371 CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities