Description
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83008
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html
Issue Tracking x_refsource_confirm
https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
Scores
EPSS
0.0076
EPSS Percentile
73.5%
Details
Status
published
Products (11)
mediawiki/mediawiki
1.18 (2 CPE variants)
mediawiki/mediawiki
1.18.0 (2 CPE variants)
mediawiki/mediawiki
1.18.1
mediawiki/mediawiki
1.18.2
mediawiki/mediawiki
1.18.3
mediawiki/mediawiki
1.18.4
mediawiki/mediawiki
1.19 (3 CPE variants)
mediawiki/mediawiki
1.19.1
mediawiki/mediawiki
1.19.2
mediawiki/mediawiki
1.20
... and 1 more
Published
Jun 02, 2014
Tracked Since
Feb 18, 2026