1. Home
  2. Vulnerabilities
  3. CVE-2023-36674

CVE-2023-36674

CVSS v3.1 5.3 (Medium)
53% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 1
Advisories 5
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2023-08-20 18:15:09
(13 months ago)
Updated Date
2023-11-07 04:16:41
(10 months ago)

Affected Products

Mediawiki

Configuration #1

    CPE23 From Up To
  Mediawiki prior 1.35.11 version cpe:2.3:a:mediawiki:mediawiki < 1.35.11
  Mediawiki from 1.36.0 version and prior 1.38.7 version cpe:2.3:a:mediawiki:mediawiki >= 1.36.0 < 1.38.7
  Mediawiki from 1.39.0 version and prior 1.39.4 version cpe:2.3:a:mediawiki:mediawiki >= 1.39.0 < 1.39.4
  Mediawiki 1.40.0 cpe:2.3:a:mediawiki:mediawiki:1.40.0