Home > Vulnerability Database > CVE-2024-47816

Mend.io Vulnerability Database

CVE-2024-47816

Good to know:

Date: October 9, 2024

ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they're the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it's marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that.

Language: PHP

Severity Score

6.4

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47816

Url: https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc

Url: https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387

Url: https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c

Url: https://issue-tracker.miraheze.org/T12701

Url: https://www.mend.io/vulnerability-database/CVE-2024-47816

Severity Score

6.4

Weakness Type (CWE)

Improper Ownership Management

CWE-282

Top Fix

Upgrade Version

Upgrade to version 5c91dfce78320e717516ee65ef5a05f01979ee6c

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47816

Good to know:

Date: October 9, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?