Arbitrary File Revision Deletion Bypass in MediaWiki

CVE-2016-6336 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.