Description

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.

Remediation

References

CVE-2012-1578

Related Vulnerabilities

Python Off-by-one Error Vulnerability (CVE-2007-2052)

PostgreSQL Other Vulnerability (CVE-2006-5541)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4441)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Cross-Site Scripting (3.9.1)

WordPress Plugin Rise Blocks-A Complete Gutenberg Page Builder Unspecified Vulnerability (1.0.0)

Severity

Medium

Classification

CVE-2012-1578 CWE-352

Tags

Missing Update Known Vulnerabilities