Description
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import any XML or CSV File to WordPress Pro Arbitrary File Upload (4.1.0)
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)
WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (2.3.12)
WordPress Plugin Facebook Photo Fetcher Unspecified Vulnerability (2.1.17)