← Back to CVE List
CVE-2023-3550
Mediawiki v1.40.0 does not validate namespaces used in XML files.
Therefore, if the instance administrator allows XML file uploads,
a remote attacker with a low-privileged user account can use this
exploit to become an administrator by sending a malicious link to
the instance administrator.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt