Description

In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.

Remediation

References

CVE-2021-45471

Related Vulnerabilities

WordPress Plugin DukaPress PHP Object Injection (3.1.20)

WordPress Plugin WPPizza Cross-Site Scripting (2.11.8.17)

WebLogic CVE-2020-14644 Vulnerability (CVE-2020-14644)

Java Unspesificed Vulnerability (CVE-2019-2602)

TYPO3 Files or Directories Accessible to External Parties Vulnerability (CVE-2021-21355)

Severity

Medium

Classification

CVE-2021-45471 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities