An issue exists in MediaWiki prior to 1.35.11, 1.36.x through 1.38.x prior to 1.38.7, 1.39.x prior to 1.39.4, and 1.40.x prior to 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
Vulnerable Product |
---|
mediawiki mediawiki |
mediawiki mediawiki 1.40.0 |