Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes
Vulnerability Description
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
Wikimedia Mediawiki - SecurePoll extension 安全漏洞
Vulnerability Description
Wikimedia Mediawiki - SecurePoll extension是Wikimedia基金会的一个用于选举、投票和调查的特殊页面扩展。 Wikimedia Mediawiki - SecurePoll extension 1.39.13之前版本、1.42.7之前版本和1.43.2之前版本存在安全漏洞,该漏洞源于未验证用户是否为选举管理员,可能导致更改选举相关翻译文本。
CVSS Information
N/A
Vulnerability Type
N/A