Mediawiki v1.40.0 does not validate namespaces used in XML files.
Therefore, if the instance administrator allows XML file uploads,
a remote attacker with a low-privileged user account can use this
exploit to become an administrator by sending a malicious link to
the instance administrator.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2023-09-25T15:20:27.351Z
Updated: 2024-08-02T07:01:56.435Z
Reserved: 2023-07-08T01:02:40.399Z
Link: CVE-2023-3550
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-25T16:15:14.347
Modified: 2024-06-10T17:16:13.043
Link: CVE-2023-3550
Redhat