Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Missing Authentication for Critical Function Vulnerability - CVE-2019-12468 - Vulnerability Database
MediaWiki

MediaWiki Missing Authentication for Critical Function Vulnerability - CVE-2019-12468

Critical
Reference: CVE-2019-12468
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-12468
Title: MediaWiki Missing Authentication for Critical Function Vulnerability
Overview:

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication allowing for potential account takeover.