Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MediaWiki CentralAuth扩展跨站请求伪造漏洞
Vulnerability Description
MediaWiki是美国维基媒体(Wikimedia)基金会和MediaWiki志愿者共同开发维护的一套自由免费的基于网络的Wiki引擎。CentralAuth是其中的一个可在项目之间实现全球账户共享的扩展。 MediaWiki的CentralAuth扩展中存在跨站请求伪造漏洞。远程攻击者可通过图片加载利用该漏洞实施跨站请求伪造攻击,强制用户执行恶意的avaScript代码。以下版本受到影响:MediaWiki 1.19.9之前的版本,1.20.8之前的1.20.x版本,1.21.3之前的1.21.x版本
CVSS Information
N/A
Vulnerability Type
N/A