CVE-2012-5394

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.

Published: Dec 13, 2013
Updated: Apr 13, 2023
CVE: CVE-2012-5394
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
mediawiki / mediawiki	1.20.5	1.20.5.x
mediawiki / mediawiki	1.20.1	1.20.1.x
mediawiki / mediawiki	1.20.4	1.20.4.x
mediawiki / mediawiki	1.20.2	1.20.2.x
mediawiki / mediawiki	1.20.3	1.20.3.x
mediawiki / mediawiki	1.20.6	1.20.6.x
mediawiki / mediawiki	1.20	1.20.x
mediawiki / mediawiki	1.20.7	1.20.7.x
mediawiki / mediawiki	1.21.1	1.21.1.x
mediawiki / mediawiki	1.21.2	1.21.2.x
mediawiki / mediawiki	1.21	1.21.x
mediawiki / mediawiki	1.19	1.19.x
mediawiki / mediawiki	1.19-beta_1	1.19-beta_1.x
mediawiki / mediawiki	1.19.3	1.19.3.x
mediawiki / mediawiki	1.19.1	1.19.1.x
mediawiki / mediawiki	1.19.6	1.19.6.x
mediawiki / mediawiki	1.19-beta_2	1.19-beta_2.x
mediawiki / mediawiki	1.19.5	1.19.5.x
mediawiki / mediawiki	1.19.0	1.19.0.x
mediawiki / mediawiki	1.19.4	1.19.4.x
mediawiki / mediawiki	-	1.19.8.x
mediawiki / mediawiki	1.19.7	1.19.7.x
mediawiki / mediawiki	1.19.2	1.19.2.x

Vulnerability Database

289,697

CVE-2012-5394