Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.

Remediation

References

CVE-2014-3455

Related Vulnerabilities

MySQL CVE-2019-2946 Vulnerability (CVE-2019-2946)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.5.4)

Serendipity Other Vulnerability (CVE-2005-1134)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1581)

Plone CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)

Severity

Medium

Classification

CVE-2014-3455 CWE-352

Tags

Missing Update Known Vulnerabilities