Description
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.
Remediation
References