CVE-2012-5395

MediaWiki <1.18.6, <1.19.3, <1.20.1 - Session Fixation

Title source: llm
STIX 2.1

Description

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.

References (2)

Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.wikimedia.org/show_bug.cgi?id=40962

Scores

EPSS 0.0116
EPSS Percentile 63.5%

Details

Status published
Products (11)
mediawiki/mediawiki 1.20
mediawiki/mediawiki 1.19 (3 CPE variants)
mediawiki/mediawiki 1.19.1
mediawiki/mediawiki 1.19.2
mediawiki/mediawiki 1.18 (2 CPE variants)
mediawiki/mediawiki 1.18.0 (2 CPE variants)
mediawiki/mediawiki 1.18.1
mediawiki/mediawiki 1.18.2
mediawiki/mediawiki 1.18.3
mediawiki/mediawiki 1.18.4
... and 1 more
Published Jun 02, 2014
Tracked Since Feb 18, 2026