The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMediawiki
APPMediawiki≤ 1.37.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-34502CRITICAL9.8PL ✓ten sam produkt
CSRF w WikibaseLexeme (MediaWiki) — nieuprawnione scalanie leksemów
CVE-2023-37303CRITICAL9.8ten sam produkt
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an att...
CVE-2023-29141CRITICAL9.8ten sam produkt
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1....
CVE-2022-29904CRITICAL9.8ten sam produkt
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773)...
CVE-2022-28209CRITICAL9.8ten sam produkt
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the An...