Vulnerabilities > CVE-2012-4885 - Unspecified vulnerability in Mediawiki

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mediawiki
nessus

Summary

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

Nessus

NASL familyCGI abuses
NASL idMEDIAWIKI_1_18_2.NASL
descriptionAccording to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities : - An attacker can block/unblock arbitrary users via cross- site request forgery attack (XSRF) against an authorized user. (CVE-2012-1578) - Unauthorized users can disclose XSRF tokens, triggered by a failure of the
last seen2020-06-01
modified2020-06-02
plugin id58965
published2012-05-02
reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/58965
titleMediaWiki < 1.17.3 / 1.18.2 Multiple Vulnerabilities