Description

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

Remediation

References

CVE-2016-6336

Related Vulnerabilities

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-36400)

Apache Tomcat Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-9774)

WordPress Plugin Mass Delete Unused Tags Cross-Site Request Forgery (2.0.0)

Perl Improper Certificate Validation Vulnerability (CVE-2023-31484)

SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17313)

Severity

Medium

Classification

CVE-2016-6336 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities