CVE-2013-2032

描述

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

受影響套件(1)

• Debian/mediawikifrom 0, < 1:1.19.6-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2032