Bypassing Re-authentication Vulnerability in Wikimedia MediaWiki 1.27.0 through 1.32.1

Bypassing Re-authentication Vulnerability in Wikimedia MediaWiki 1.27.0 through 1.32.1

CVE-2019-12468 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

Learn more about our Web Application Penetration Testing UK.