Description

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.

Remediation

References

CVE-2021-36129

Related Vulnerabilities

WordPress Plugin Easy Property Listings Cross-Site Request Forgery (3.3.5.8)

WordPress Plugin Lazy SEO Arbitrary File Upload (1.3.2)

Oracle Application Server Other Vulnerability (CVE-2005-3448)

PHP Improper Input Validation Vulnerability (CVE-2006-6383)

WordPress Plugin Crony Cronjob Manager Multiple Vulnerabilities (0.4.4)

Severity

Medium

Classification

CVE-2021-36129 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities