Description

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.

Remediation

References

CVE-2013-4306

Related Vulnerabilities

WordPress 4.4.x Same Origin Method Execution (SOME) Vulnerability (4.4 - 4.4.2)

Drupal Core 8.x Security Bypass (8.0.0 - 8.1.2)

WordPress Plugin FluentSMTP-WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Cross-Site Scripting (2.2.2)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.136.3)

WordPress Plugin Mobile Domain Multiple Vulnerabilities (1.5.2)

Severity

Medium

Classification

CVE-2013-4306 CWE-352

Tags

Missing Update Known Vulnerabilities