Vulnerabilities > CVE-2012-4885 - Multiple Security vulnerability in MediaWiki

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
mediawiki
nessus

Summary

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

Nessus

NASL familyCGI abuses
NASL idMEDIAWIKI_1_18_2.NASL
descriptionAccording to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities : - An attacker can block/unblock arbitrary users via cross- site request forgery attack (XSRF) against an authorized user. (CVE-2012-1578) - Unauthorized users can disclose XSRF tokens, triggered by a failure of the
last seen2020-06-01
modified2020-06-02
plugin id58965
published2012-05-02
reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/58965
titleMediaWiki < 1.17.3 / 1.18.2 Multiple Vulnerabilities