Description

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.

Remediation

References

CVE-2022-29906

Related Vulnerabilities

WordPress Plugin WP Rss Poster SQL Injection (1.0.0)

WordPress Plugin Cms Pack TimThumb Arbitrary File Upload (1.3)

WordPress Plugin Ultimate Addons for Visual Composer Multiple Vulnerabilities (3.16.10)

MongoDb Improper Input Validation Vulnerability (CVE-2013-1892)

WordPress Plugin Customer Reviews for WooCommerce Multiple Vulnerabilities (5.3.5)

Severity

Critical

Classification

CVE-2022-29906 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities