Unfiltered Item Merging Vulnerability in Wikibase Extension

Unfiltered Item Merging Vulnerability in Wikibase Extension

CVE-2023-45372 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

Learn more about our Web Application Penetration Testing UK.