CVE-2012-5394

MediaWiki <1.19.9, <1.20.8, <1.21.3 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.

References (4)

Core 4

Core References

Issue Tracking x_refsource_confirm

https://bugzilla.wikimedia.org/show_bug.cgi?id=40747

Various Sources mailing-list x_refsource_mlist

http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html

Scores

EPSS 0.0017

EPSS Percentile 37.9%

Details

CWE

CWE-352

Status published

Products (21)

mediawiki/mediawiki 1.20

mediawiki/mediawiki 1.20.1

mediawiki/mediawiki 1.20.2

mediawiki/mediawiki 1.20.3

mediawiki/mediawiki 1.20.4

mediawiki/mediawiki 1.20.5

mediawiki/mediawiki 1.20.6

mediawiki/mediawiki 1.20.7

mediawiki/mediawiki 1.21

mediawiki/mediawiki 1.21.1

... and 11 more

Published Dec 13, 2013

Tracked Since Feb 18, 2026