MediaWiki 1.27.x prior to 1.27.1 might allow remote malicious users to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.27.0 |