VYPR

FileImporter

by MediaWiki

CVEs (3)

  • CVE-2021-36132Jul 2, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform…

  • CVE-2020-27621Oct 22, 2020
    risk 0.00cvss epss 0.01

    The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data.…

  • CVE-2020-26121Sep 27, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction…