Description

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.

Remediation

References

CVE-2015-8004

Related Vulnerabilities

MediaWiki Improper Privilege Management Vulnerability (CVE-2020-10534)

WordPress Improper Privilege Management Vulnerability (CVE-2020-28035)

Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164)

WordPress Plugin Simple 301 Redirects by BetterLinks Unspecified Vulnerability (1.06)

PHP Other Vulnerability (CVE-2015-6835)

Severity

Medium

Classification

CVE-2015-8004 CWE-264

Tags

Missing Update Known Vulnerabilities