CVE-2012-5395

MediaWiki <1.18.6, <1.19.3, <1.20.1 - Session Fixation

Title source: llm

Description

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.

References (2)

Core 2

Core References

Issue Tracking x_refsource_confirm

https://bugzilla.wikimedia.org/show_bug.cgi?id=40962

Vendor Advisory mailing-list x_refsource_mlist

http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html

Scores

EPSS 0.0054

EPSS Percentile 67.7%

Details

Status published

Products (11)

mediawiki/mediawiki 1.20

mediawiki/mediawiki 1.19 (3 CPE variants)

mediawiki/mediawiki 1.19.1

mediawiki/mediawiki 1.19.2

mediawiki/mediawiki 1.18 (2 CPE variants)

mediawiki/mediawiki 1.18.0 (2 CPE variants)

mediawiki/mediawiki 1.18.1

mediawiki/mediawiki 1.18.2

mediawiki/mediawiki 1.18.3

mediawiki/mediawiki 1.18.4

... and 1 more

Published Jun 02, 2014

Tracked Since Feb 18, 2026