Description
MediaWiki v1.40.0 does not validate the namespaces used in XML files. If the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can therefore use this exploit to become an administrator by sending a malicious link to the instance administrator.
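An added example, not MediaWiki's code or its fix: a deny-by-default namespace check that an upload handler could run on XML files before storing them. The allowlist contents, the `urn:example:inventory` namespace, the function names and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat as expat

# Assumption: namespaces this site expects ("" = none); the URN is hypothetical.
ALLOWED_NAMESPACES = frozenset({"", "urn:example:inventory"})
# Constructed samples: an expected namespace, and an unexpected one on a child.
GOOD = b'<inv:items xmlns:inv="urn:example:inventory"><inv:item id="1"/></inv:items>'
BAD = b'<items><p xmlns="http://www.w3.org/1999/xhtml">note</p></items>'

class RejectedUpload(Exception):
    """Raised when an uploaded XML file violates the upload policy."""

def check_xml_namespaces(data: bytes, allowed=ALLOWED_NAMESPACES) -> set:
    """Return the namespaces used in data; raise RejectedUpload on a violation."""
    seen = set()
    # With a separator set, expat reports names as "<namespace-uri> <local-name>".
    parser = expat.ParserCreate(namespace_separator=" ")

    def require(uri):
        if uri not in allowed:
            raise RejectedUpload(f"namespace not allowed: {uri!r}")
        seen.add(uri)

    def uri_of(name):
        return name.rsplit(" ", 1)[0] if " " in name else ""

    def on_start(name, attrs):
        require(uri_of(name))
        for attr in attrs:
            if " " in attr:  # only prefixed attributes carry a namespace
                require(uri_of(attr))

    def on_doctype(*_):
        raise RejectedUpload("DOCTYPE not allowed (no DTDs or entities)")

    parser.StartElementHandler = on_start
    # Also check declarations, so a declared-but-unused namespace is caught.
    parser.StartNamespaceDeclHandler = lambda prefix, uri: require(uri or "")
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise RejectedUpload(f"not well-formed XML: {exc}") from exc
    return seen

def is_accepted(data: bytes) -> bool:
    try:
        check_xml_namespaces(data)
    except RejectedUpload:
        return False
    return True
```

The check rejects on the first disallowed namespace, whether it appears on an element, on a prefixed attribute, or only in a declaration.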
Remediation
References