Description

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.

Remediation

References

CVE-2023-45374

Related Vulnerabilities

WordPress Plugin bbPress Login Register Links On Forum Topic Pages Cross-Site Request Forgery (2.7.5)

WordPress Plugin Foliopress WYSIWYG Cross-Site Scripting (2.6.8.4)

MediaWiki Other Vulnerability (CVE-2006-2895)

MySQL CVE-2015-0385 Vulnerability (CVE-2015-0385)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0332)

Severity

Medium

Classification

CVE-2023-45374 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities