CVE-2011-1580 Information

Feb 14, 2021 cve

Description

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html http://openwall.com/lists/oss-security/2011/04/13/15 http://secunia.com/advisories/44142 http://www.debian.org/security/2011/dsa-2366 http://www.securityfocus.com/bid/47354 http://www.vupen.com/english/advisories/2011/0978 http://www.vupen.com/english/advisories/2011/1100 http://www.vupen.com/english/advisories/2011/1151 https://bugzilla.redhat.com/show_bug.cgi?id=695577 https://bugzilla.redhat.com/show_bug.cgi?id=696360 https://bugzilla.wikimedia.org/show_bug.cgi?id=28449 https://exchange.xforce.ibmcloud.com/vulnerabilities/66739

Share on: