PT-2022-19904 · Mediawiki · Fanboxes Extension For Mediawiki
Ashley · Published 2022-04-29 · Updated 2024-08-20 · CVE-2022-29905
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
FanBoxes extension for MediaWiki versions through 1.37.2
Description
The issue allows cross-site request forgery (CSRF) against the Special:UserBoxes page.
Recommendations
For FanBoxes extension for MediaWiki versions through 1.37.2, update to a version after 027ffb0b9d6fe0d823810cf03f5b562a212162d4 to resolve the issue. As a temporary workaround, consider restricting access to the Special:UserBoxes page until a patch is available.
Exploit · Fix · CSRF
Affected Products
Alt Linux
Fanboxes Extension For Mediawiki