CVE-2011-1580

Description

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.

How to fix CVE-2011-1580

To remediate CVE-2011-1580, upgrade the affected package to a fixed version below.

• Debian/mediawiki—upgrade to 1:1.15.5-5 or later

Is CVE-2011-1580 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:1.15.5-5

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1580