CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mediawiki: >> Mediawiki >> 1.16.4 Security Vulnerabilities

CVE-2011-1766

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

CVSS Score

5.8

EPSS Score

0.003

Published

2011-05-23

Page 27

Vulnerabilities

Vulnerable Software

Mediawiki: >> Mediawiki >> 1.16.4 Security Vulnerabilities

Products

Pricing

Contact Us