MediaWiki Exposure of Resource to Wrong Sphere Vulnerability - CVE-2021-35197 - Vulnerability Database

High
Reference: CVE-2021-35197
Title: MediaWiki Exposure of Resource to Wrong Sphere Vulnerability
Overview:

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).