Description

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

Remediation

References

CVE-2010-1648

Related Vulnerabilities

MySQL CVE-2019-2801 Vulnerability (CVE-2019-2801)

WordPress Plugin oQey Gallery 'gal_id' Parameter SQL Injection (0.4.8)

WordPress Plugin Justified Gallery Cross-Site Scripting (1.7.0)

WordPress Plugin LearnPress-WordPress LMS Arbitrary File Write (3.2.2)

Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1907)

Severity

Medium

Classification

CVE-2010-1648 CWE-352

Tags

Missing Update Known Vulnerabilities