WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3454)

Description

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.

Remediation

References

Related Vulnerabilities

Moodle Improper Authentication Vulnerability (CVE-2014-3552)

Sqlite Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2021-45346)

WordPress Plugin Product Catalog SQL Injection (4.2.2)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-10705)

WordPress Plugin Better Search Cross-Site Request Forgery (2.5.2)

Severity

Medium

Classification

CVE-2014-3454 CWE-352

Tags

Missing Update Known Vulnerabilities