CVE-2023-3550

Published: 25/09/2023 Updated: 01/02/2024
CVSS v3 Base Score: 7.3 | Impact Score: 5.2 | Exploitability Score: 2.1
VMScore: 0

Vulnerability Summary

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

Vulnerable Product

mediawiki mediawiki 1.40.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure. For the oldstable distribution (bullseye), these problems have been fixed in version 1:13513-1~deb11u1. For the stable distribution (bookworm), these problems have ...

Description: The MITRE CVE dictionary describes this issue as: Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrato ...