Arbitrary File Revision Deletion Bypass in MediaWiki
CVE-2016-6336 · MEDIUM Severity
AV:N/AC:L/AU:S/C:N/I:P/A:N
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
Learn more about our User Device Pen Test.