CVSS 3.1 Score: 4.3 of 10 (medium)
Published: Jul 7, 2024
Updated: Jul 9, 2024
CWE ID: 352


CVE-2024-40603 is a vulnerability in the ArticleRatings extension for MediaWiki through version 1.42.1. The Special:ChangeRating page is vulnerable to Cross-Site Request Forgery (CSRF): an attacker can alter data through a GET request to that page. This vulnerability affects multiple products, including Xz2hff, Xz2hfe, Xz2hf_, and many others. To remediate this vulnerability, users should update their MediaWiki installation to version 1.42.1 or newer. The danger is that an attacker could manipulate data within the MediaWiki system, potentially leading to unauthorized changes or malicious actions within an organization's wiki environment.
