Description
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams.
Remediation
References
Related Vulnerabilities
phpList Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-22249)
WordPress Plugin Contact Form 7 Datepicker Cross-Site Scripting (2.6.0)
MySQL CVE-2013-1552 Vulnerability (CVE-2013-1552)
Sqlite NULL Pointer Dereference Vulnerability (CVE-2018-8740)
WordPress Plugin Bold Timeline Lite Cross-Site Scripting (1.1.4)