Description
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slideshow Gallery LITE Arbitrary File Upload (1.4.6)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30156)
WordPress Plugin WP Reroute Email SQL Injection (1.4.6)
PHP Other Vulnerability (CVE-2007-1886)
WordPress Plugin Post Pay Counter PHP Object Injection (2.730)