CVE-2010-1648 — Cross-Site Request Forgery in Mediawiki

CWE-352 — Cross-Site Request Forgery6 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 68.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedJun 8

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.15.4-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.15.4-1+3

▶NVDmediawiki/mediawiki5 versions+4

Patches

Patch: lists.wikimedia.org ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-3wxf-h9xq-wcv8: Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1↗2022-05-17

▶

OSV

CVE-2010-1648: Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1↗2010-06-08

▶

📋Vendor Advisories

Debian

CVE-2010-1648: mediawiki - Cross-site request forgery (CSRF) vulnerability in the login interface in MediaW...↗2010

▶

💬Community

Bugzilla

CVE-2010-1647 CVE-2010-1648 mediawiki: multiple vulnerabilities fixed in 1.15.4/1.16b3 [fedora-all]↗2010-06-17

▶

Bugzilla

CVE-2010-1647 CVE-2010-1648 mediawiki: multiple vulnerabilities fixed in 1.15.4/1.16b3↗2010-06-08

▶