MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-11T01:33:11
Updated: 2024-08-05T02:25:12.120Z
Reserved: 2019-12-11T00:00:00
Link: CVE-2019-19709
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-12-11T02:15:14.810
Modified: 2023-02-01T19:34:36.060
Link: CVE-2019-19709
Redhat
No data.