Description
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.
Remediation
References
Related Vulnerabilities
Atlassian Confluence CVE-2020-29448 Vulnerability (CVE-2020-29448)
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)
Oracle JRE Improper Certificate Validation Vulnerability (CVE-2003-1229)
WordPress Plugin Gutenberg Blocks by WordPress Download Manager Cross-Site Scripting (2.1.8)
WordPress Plugin April's Super Functions Pack Cross-Site Scripting (1.4.7)