Description
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
Remediation
References
Related Vulnerabilities
WordPress Plugin Facebook for WordPress PHP Object Injection (2.2.2)
WordPress Plugin Front End Upload 'upload.php' Arbitrary File Upload (0.5.3)
WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)
WordPress Plugin Login with phone number Security Bypass (1.7.26)
Oracle Database Server CVE-2014-2408 Vulnerability (CVE-2014-2408)