Mediawiki: >> Mediawiki >> 1.35.8 Security Vulnerabilities
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-07-02
Page 10