CVE-2012-1580Cross-Site Request Forgery in Mediawiki

CWE-352Cross-Site Request Forgery6 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 46.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedSep 9
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDmediawiki/mediawiki7 versions+6

🔴Vulnerability Details

1
GHSA
GHSA-hfw5-2294-7q36: Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 12022-05-17

📋Vendor Advisories

1
Debian
CVE-2012-1580: mediawiki - Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1...2012

💬Community

3
Bugzilla
CVE-2012-5517 kernel: mm/hotplug: failure in propagating hot-added memory to other nodes2012-11-10
Bugzilla
CVE-2012-1580 mediawiki (v1.18.2): CSRF due disabled token check by performing file uploads2012-03-23
Bugzilla
CVE-2012-1578 CVE-2012-1580 CVE-2012-1581 mediawiki various flaws [fedora-all]2012-03-23
CVE-2012-1580 — Cross-Site Request Forgery in Mediawiki | cvebase