An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
History

Tue, 08 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-20T00:00:00

Updated: 2024-10-08T14:27:38.887Z

Reserved: 2023-06-26T00:00:00

Link: CVE-2023-36674

cve-icon Vulnrichment

Updated: 2024-08-02T16:52:54.118Z

cve-icon NVD

Status : Modified

Published: 2023-08-20T18:15:09.930

Modified: 2024-10-08T15:35:09.850

Link: CVE-2023-36674

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-06-30T00:00:00Z

Links: CVE-2023-36674 - Bugzilla