Description

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

Remediation

References

CVE-2012-1581

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-20409)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35811)

WordPress Plugin WP125 Cross-Site Request Forgery (1.4.9)

WordPress Plugin FireStats Cross-Site Scripting (1.6.4)

Drupal Configuration Vulnerability (CVE-2008-6171)

Severity

Medium

Classification

CVE-2012-1581 CWE-264

Tags

Missing Update Known Vulnerabilities