Description
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2016-7263 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. |
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T01:29:19.386Z
Reserved: 2016-07-26T00:00:00.000Z
Link: CVE-2016-6336
No data.
Status : Modified
Published: 2017-04-20T17:59:00.743
Modified: 2026-06-17T00:50:51.037
Link: CVE-2016-6336
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-284
Improper Access Control
EUVD