MediaWiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can exploit this flaw to become an administrator by sending a malicious link to the instance administrator.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| mediawiki/core (Packagist) | 0 | N/A | N/A |

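
The kind of check the description says is missing, shown as an added example that is not MediaWiki's code or its fix: an upload filter that rejects XML using any namespace outside an allowlist. The function name, the SVG-oriented allowlist and the sample documents are assumptions made for illustration.

```python
import xml.parsers.expat

# Assumed allowlist for an SVG-only upload policy; not MediaWiki's own list.
ALLOWED_NAMESPACES = frozenset({
    "http://www.w3.org/2000/svg",
    "http://www.w3.org/1999/xlink",
    "http://www.w3.org/XML/1998/namespace",
})

def namespace_problems(data, allowed=ALLOWED_NAMESPACES):
    """Return a sorted list of reasons to reject the upload (empty = accept)."""
    problems = set()
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def on_ns_decl(prefix, uri):
        # Fires for every xmlns / xmlns:prefix declaration, used or not.
        if uri and uri not in allowed:
            problems.add(f"declared namespace not allowed: {uri}")

    def on_start(name, attrs):
        # With namespace_separator set, qualified names arrive as "uri local".
        uri, _, local = name.rpartition(" ")
        if uri not in allowed:
            problems.add(f"element <{local}> in namespace {uri or '(none)'}")
        for attr in attrs:
            a_uri, _, a_local = attr.rpartition(" ")
            if a_uri and a_uri not in allowed:  # unprefixed attributes have no namespace
                problems.add(f"attribute {a_local} in namespace {a_uri}")

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # This example's own hardening choice: a DTD can add default attributes.
        problems.add("DOCTYPE present")

    parser.StartNamespaceDeclHandler = on_ns_decl
    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        problems.add(f"not well-formed: {exc}")
    return sorted(problems)

# Constructed sample inputs.
GOOD = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
BAD = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:x="http://www.w3.org/1999/xhtml">'
       b'<x:p>text</x:p></svg>')

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, namespace_problems(doc) or "accepted")
```

The check fails closed: a file is accepted only when the returned list is empty, so malformed input and unexpected namespaces are both rejected.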
CVSS Metrics