PT-2024-28939 · Mediawiki+1 · Articleratings+1

Ashley

Published

2024-07-06

Updated

2025-06-19

CVE-2024-40603

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions ArticleRatings extension for MediaWiki versions through 1.42.1

Description An issue was discovered in the ArticleRatings extension for MediaWiki, where Special:ChangeRating allows CSRF to alter data via a GET request. This issue enables Cross-Site Request Forgery (CSRF) attacks, which can modify data without the user's consent.

Recommendations For versions through 1.42.1, consider disabling the Special:ChangeRating feature until a patch is available to prevent CSRF attacks. Restrict access to this feature to minimize the risk of exploitation. Avoid using GET requests to alter data in the affected extension until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

ALT-PU-2025-5905

BIT-MEDIAWIKI-2024-40603

CVE-2024-40603

Affected Products

Alt Linux

Articleratings

PT-2024-28939 · Mediawiki+1 · Articleratings+1

CVE-2024-40603

Weakness Enumeration

Related Identifiers

Affected Products

References · 9