CVE-2008-5252
MediaWiki 1.3.0-1.6.10, 1.12.x < 1.12.2, 1.13.x < 1.13.3 - Cross-Site Request Forgery in Special:Import
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1901
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33133
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33349
Scores
EPSS
0.0041
EPSS Percentile
61.7%
Details
CWE
CWE-352
Status
published
Products (43)
mediawiki/mediawiki
1.3.0
mediawiki/mediawiki
1.3.1
mediawiki/mediawiki
1.3.2
mediawiki/mediawiki
1.3.3
mediawiki/mediawiki
1.3.4
mediawiki/mediawiki
1.3.5
mediawiki/mediawiki
1.3.6
mediawiki/mediawiki
1.3.7
mediawiki/mediawiki
1.3.8
mediawiki/mediawiki
1.3.9
... and 33 more
Published
Dec 19, 2008
Tracked Since
Feb 18, 2026