vulnerability

MediaWiki: Unspecified Security Vulnerability (CVE-2023-3550)

Severity
8
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:N)
Published
Sep 25, 2023
Added
Sep 28, 2023
Modified
Feb 20, 2025

Description

Mediawiki v1.40.0 does not validate namespaces used in XML files.

Therefore, if the instance administrator allows XML file uploads,

a remote attacker with a low-privileged user account can use this

exploit to become an administrator by sending a malicious link to

the instance administrator.

Solution

mediawiki-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.