CVE-2012-1578: Cross-Site Request Forgery in Mediawiki

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.3% (top 46.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 9
Latest update: May 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages: 2 packages

NVD: mediawiki/mediawiki, 7 versions +6

Vulnerability Details (1)

GHSA
GHSA-3mq9-phgq-f2wv: Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1 (2022-05-17)

Vendor Advisories (1)

Debian
CVE-2012-1578: mediawiki - Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x b... (2012)

Community (2)

Bugzilla
CVE-2012-1578 CVE-2012-1580 CVE-2012-1581 mediawiki various flaws [fedora-all] (2012-03-23)
Bugzilla
CVE-2012-1578 mediawiki (v1.18.2): CSRF in the block / unblock API modules (2012-03-23)