Description

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

Remediation

References

CVE-2015-6727

Related Vulnerabilities

Drupal Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-28949)

Ruby Out-of-bounds Read Vulnerability (CVE-2022-28739)

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1627)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4614)

MySQL CVE-2021-35642 Vulnerability (CVE-2021-35642)

Severity

Medium

Classification

CVE-2015-6727 CWE-200

Tags

Missing Update Known Vulnerabilities