CVE-2021-36132 - Incorrect Authorization vulnerability in Mediawiki

047910
CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
network
low complexity
mediawiki
CWE-863

Summary

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.

Vulnerable Configurations

Part          Description   Count
Application   Mediawiki     387

Common Weakness Enumeration (CWE)