CVE-2011-1580: Improper Input Validation in Mediawiki

Severity: 3.5 LOW (NVD)
EPSS: 0.6% (top 30.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 27
Latest update: May 17

Description

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/mediawiki | < mediawiki 1:1.15.5-5 (bookworm)
Debian | mediawiki/mediawiki | < 1:1.15.5-5+3
NVD | mediawiki/mediawiki | 1.16.2+110

🔴 Vulnerability Details (2)

GHSA | GHSA-5f9r-6cq4-fph8: The transwiki import functionality in MediaWiki before 1 | 2022-05-17
OSV | CVE-2011-1580: The transwiki import functionality in MediaWiki before 1 | 2011-04-27

📋 Vendor Advisories (1)

Debian | CVE-2011-1580: mediawiki - The transwiki import functionality in MediaWiki before 1.16.3 does not properly ... | 2011

💬 Community (3)

Bugzilla | CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587 mediawiki: multiple vulnerabilities fixed in 1.16.3, 1.16.4 | 2011-04-13
Bugzilla | CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1765 mediawiki116 various flaws [epel-all] | 2011-04-13
Bugzilla | CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 mediawiki: multiple vulnerabilities fixed in 1.16.3 [fedora-all] | 2011-04-13