Description

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.

Remediation

References

CVE-2014-3454

Related Vulnerabilities

MySQL CVE-2020-14654 Vulnerability (CVE-2020-14654)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)

MySQL CVE-2021-2010 Vulnerability (CVE-2021-2010)

LimeSurvey CVE-2009-1604 Vulnerability (CVE-2009-1604)

Jetty Session Fixation Vulnerability (CVE-2018-12538)

Severity

Medium

Classification

CVE-2014-3454 CWE-352

Tags

Missing Update Known Vulnerabilities