CVE-2008-5252 — Cross-Site Request Forgery in Mediawiki

CWE-352 — Cross-Site Request Forgery5 documents5 sources

Severity

5.8MEDIUMNVD

EPSS

0.4%

top 38.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedDec 19

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.13.3-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.13.3-1+3

▶NVDmediawiki/mediawiki47 versions+46

Patches

Patch: lists.wikimedia.org ↗Patch: secunia.com ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-5976-h5pc-66qx: Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1↗2022-05-17

▶

OSV

CVE-2008-5252: Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1↗2008-12-19

▶

📋Vendor Advisories

Debian

CVE-2008-5252: mediawiki - Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in...↗2008

▶

💬Community

Bugzilla

mediawiki: multiple XSS and CSRF issues (CVE-2008-5249, CVE-2008-5250, CVE-2008-5252, CVE-2008-5687, CVE-2008-5688)↗2008-12-16

▶