Vulnerability CVE-2023-36674
Published: 2023-08-20

Description:
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.

 References:
https://phabricator.wikimedia.org/T335612
Copyright 2026, cxsecurity.com

 

Back to Top