Description
The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.
Remediation
References