Security Advisory

CVE-2023-3550

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-25 15:20:27

Last updated 2025-02-13 16:55:50

Assigner Fluid Attacks

State PUBLISHED

Description

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

← Browse all CVEs View on cve.org ↗