QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19709

Published: Dec 11, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://phabricator.wikimedia.org/T239466

x_refsource_MISC

https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

20191229 [SECURITY] [DSA 4592-1] mediawiki security update

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.