Lucene search
+L

MediaWiki < 1.15.3 CSRF Vulnerability

🗓️ 12 Apr 2010 00:00:00Reported by Copyright (C) 2010 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 31 Views

MediaWiki < 1.15.3 CSRF Vulnerability. Remote attacker may gain unauthorized access and perform administrative actions

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD
mediawiki -- authenticated CSRF vulnerability
7 Apr 201000:00
freebsd
CVE
CVE-2010-1150
20 Apr 201015:00
cve
Cvelist
CVE-2010-1150
20 Apr 201015:00
cvelist
Debian
[SECURITY] [DSA-2041-1] New mediawiki packages fix cross-site request forgery
4 May 201000:25
debian
Debian CVE
CVE-2010-1150
20 Apr 201015:00
debiancve
Tenable Nessus
Debian DSA-2041-1 : mediawiki - Cross-Site Request Forgery
5 May 201000:00
nessus
Tenable Nessus
FreeBSD : mediawiki -- authenticated CSRF vulnerability (694da5b4-5877-11df-8d80-0015587e2cc1)
7 May 201000:00
nessus
EUVD
EUVD-2010-1181
7 Oct 202500:30
euvd
NVD
CVE-2010-1150
20 Apr 201015:30
nvd
OpenVAS
FreeBSD Ports: mediawiki
14 May 201000:00
openvas
Rows per page
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mediawiki:mediawiki";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100568");
  script_version("2024-07-16T05:05:43+0000");
  script_cve_id("CVE-2010-1150");
  script_tag(name:"last_modification", value:"2024-07-16 05:05:43 +0000 (Tue, 16 Jul 2024)");
  script_tag(name:"creation_date", value:"2010-04-12 18:40:45 +0200 (Mon, 12 Apr 2010)");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_name("MediaWiki < 1.15.3 CSRF Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_dependencies("gb_mediawiki_http_detect.nasl");
  script_mandatory_keys("mediawiki/detected");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/39270");
  script_xref(name:"URL", value:"http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html");

  script_tag(name:"summary", value:"MediaWiki is prone to a cross-site request forgery (CSRF)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"impact", value:"Exploiting this issue may allow a remote attacker to perform
  certain administrative actions and gain unauthorized access to the affected application. Other
  attacks are also possible.");

  script_tag(name:"affected", value:"MediaWiki versions prior to 1.15.3.");

  script_tag(name:"solution", value:"Update to version 1.15.3 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_is_less( version:vers, test_version:"1.15.3" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"1.15.3" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Jul 2024 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 26
EPSS0.01298
31