CVE-2013-4306
MediaWiki 1.19.0-1.19.7 - Cross-Site Request Forgery in CheckUser Extension
Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.
References (7)
Core References
Mailing List, Third Party Advisory (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2013/q3/553
Patch (x_refsource_confirm): https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651
Patch (mailing-list, x_refsource_mlist): http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/62210
Broken Link (vdb-entry, x_refsource_osvdb): http://osvdb.org/96908
Issue Tracking, Patch (x_refsource_confirm): https://bugzilla.wikimedia.org/show_bug.cgi?id=45019
VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/86893
Scores
EPSS: 0.0023
EPSS Percentile: 45.4%
Details
CWE: CWE-352
Status: published
Products (1)
mediawiki/mediawiki: 1.19.0 - 1.19.8
Published: Oct 11, 2013
Tracked Since: Feb 18, 2026