Description
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2007-1484)
TYPO3 Improper Input Validation Vulnerability (CVE-2014-3941)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-27912)
WordPress Plugin oQey Gallery 'tbpv_domain' Parameter Cross-Site Scripting (0.2)