Description

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.

Remediation

References

CVE-2012-5394

Related Vulnerabilities

OpenSSL DEPRECATED: Code Vulnerability (CVE-2015-0286)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33361)

WordPress Plugin Nelio AB Testing Directory Traversal (4.4.4)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)

WordPress Plugin Media from FTP PHP Object Injection (9.79)

Severity

Medium

Classification

CVE-2012-5394 CWE-352

Tags

Missing Update Known Vulnerabilities