Description
The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.
Remediation
References
Related Vulnerabilities
osTicket Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-30082)
Oracle JRE CVE-2012-5083 Vulnerability (CVE-2012-5083)
WordPress Plugin gboutique Local File Inclusion (1.3)
WordPress Plugin Estatik Real Estate Arbitrary File Upload (2.2.5)
Rukovoditel Cross-site Scripting (XSS) Vulnerability (CVE-2019-7541)