Description

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.

Remediation

References

CVE-2012-1578

Related Vulnerabilities

WordPress Plugin WP BASE Booking of Appointments, Services and Events PHP Object Injection (3.5.0)

Ruby on Rails CVE-2018-16477 Vulnerability (CVE-2018-16477)

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Upload (2.4.1)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4549)

WordPress Plugin Official MailerLite Sign Up Forms SQL Injection (1.4.3)

Severity

Medium

Classification

CVE-2012-1578 CWE-352

Tags

Missing Update Known Vulnerabilities