Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
Vulnerability Description
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
授权机制不恰当
Vulnerability Title
ManageWiki 授权问题漏洞
Vulnerability Description
ManageWiki是Miraheze开源的一个扩展。 ManageWiki存在授权问题漏洞,该漏洞源于扩展管理不当,可能导致受限扩展被自动禁用。
CVSS Information
N/A
Vulnerability Type
N/A