CVE-2010-1648

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.15 through 1.15.3 MediaWiki versions 1.16 through 1.16 beta 2

Description The issue allows remote attackers to hijack the authentication of other users for requests that create accounts or reset passwords, related to the Special:Userlogin form. This is a cross-site request forgery (CSRF) vulnerability in the login interface.

Recommendations For MediaWiki versions 1.15 through 1.15.3, update to version 1.15.4 or later. For MediaWiki versions 1.16 through 1.16 beta 2, update to version 1.16 beta 3 or later. As a temporary workaround, consider restricting access to the Special:Userlogin form until a patch is available.