Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2011-1580 - CERT CVE
CVE-2011-1580
ID
CVE-2011-1580
Sažetak
The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
http://openwall.com/lists/oss-security/2011/04/13/15
http://secunia.com/advisories/44142
http://www.debian.org/security/2011/dsa-2366
http://www.securityfocus.com/bid/47354
http://www.vupen.com/english/advisories/2011/0978
http://www.vupen.com/english/advisories/2011/1100
http://www.vupen.com/english/advisories/2011/1151
https://bugzilla.redhat.com/show_bug.cgi?id=695577
https://bugzilla.redhat.com/show_bug.cgi?id=696360
https://bugzilla.wikimedia.org/show_bug.cgi?id=28449
https://exchange.xforce.ibmcloud.com/vulnerabilities/66739
CVSS
Base:
3.5
Impact:
2.9
Exploitability:
6.8
Pristup
Vektor
Složenost
Autentikacija
NETWORK
MEDIUM
SINGLE
Impact
Povjerljivost
Cjelovitost
Dostupnost
NONE
PARTIAL
NONE
CVSS vektor
AV:N/AC:M/Au:S/C:N/I:P/A:N
Zadnje važnije ažuriranje
17-08-2017 - 01:34
Objavljeno
27-04-2011 - 00:55