Published: 19/12/2008 Updated: 14/10/2009

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 up to and including 1.6.10, 1.12.x prior to 1.12.2, and 1.13.x prior to 1.13.3 allows remote malicious users to perform unspecified actions as authenticated users via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki 1.6.11
mediawiki mediawiki 1.3.3
mediawiki mediawiki 1.3.4
mediawiki mediawiki 1.3.13
mediawiki mediawiki 1.3.14
mediawiki mediawiki 1.5
mediawiki mediawiki 1.5.0
mediawiki mediawiki 1.5.1
mediawiki mediawiki 1.6.0
mediawiki mediawiki 1.6.1
mediawiki mediawiki 1.6.8
mediawiki mediawiki 1.6.9
mediawiki mediawiki 1.12.0
mediawiki mediawiki 1.13.0
mediawiki mediawiki 1.3.5
mediawiki mediawiki 1.3.6
mediawiki mediawiki 1.3.15
mediawiki mediawiki 1.4.1
mediawiki mediawiki 1.5.2
mediawiki mediawiki 1.5.3
mediawiki mediawiki 1.5.4
mediawiki mediawiki 1.6.2
mediawiki mediawiki 1.6.3
mediawiki mediawiki 1.12.1
mediawiki mediawiki 1.13.2
mediawiki mediawiki 1.3.1
mediawiki mediawiki 1.3.2
mediawiki mediawiki 1.3.10
mediawiki mediawiki 1.3.11
mediawiki mediawiki 1.4.3
mediawiki mediawiki 1.4.4
mediawiki mediawiki 1.5.7
mediawiki mediawiki 1.5.8
mediawiki mediawiki 1.6.6
mediawiki mediawiki 1.6.7
mediawiki mediawiki 1.13.1
mediawiki mediawiki 1.3.0
mediawiki mediawiki 1.3.7
mediawiki mediawiki 1.3.8
mediawiki mediawiki 1.3.9
mediawiki mediawiki 1.4.0
mediawiki mediawiki 1.4.2
mediawiki mediawiki 1.5.5
mediawiki mediawiki 1.5.6
mediawiki mediawiki 1.6.4
mediawiki mediawiki 1.6.5
mediawiki mediawiki 1.6.10

Several vulnerabilities have been discovered in mediawiki17, a website engine for collaborative work The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5249 David Remahl discovered that mediawiki17 is prone to a cross-site scripting attack CVE-2008-5250 David Remahl discovered that mediawiki17, when I ...

Debian Bug report logs - #508868 CVE-2008-5249: XSS vulnerability in MediaWiki Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmailcom> Date: Tue, 16 Dec 2008 04:48:01 UTC Severity: ...

Debian Bug report logs - #508869 CVE-2008-5250: several local script injection vulnerabilities in MediaWiki Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmailcom> Date: Tue, 16 Dec ...

Debian Bug report logs - #508870 CVE-2008-5252: CSRF vulnerability affecting the Special:Import feature in MediaWiki Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmailcom> Date: Tue ...

CWE-352 http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html http://secunia.com/advisories/33133 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html http://secunia.com/advisories/33349 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://www.debian.org/security/2009/dsa-1901 https://nvd.nist.gov https://www.debian.org/security/./dsa-1901

CVE-2008-5252

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect