Description
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.
Related Vulnerabilities
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-2471)
IBM WebSEAL Insufficiently Protected Credentials Vulnerability (CVE-2021-20439)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.12)
WordPress Plugin File Uploader Arbitrary File Upload (1.1)
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986)