Filtered by vendor Mediawiki
Subscribe
Search
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29141 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-08-23 | N/A | 9.8 CRITICAL |
| An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. | |||||
| CVE-2021-31556 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob. | |||||
| CVE-2022-29906 | 1 Mediawiki | 1 Mediawiki | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | |||||
| CVE-2021-36128 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. | |||||
| CVE-2022-29904 | 1 Mediawiki | 1 Mediawiki | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. | |||||
| CVE-2020-10534 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled. | |||||
| CVE-2021-36126 | 1 Mediawiki | 1 Mediawiki | 2021-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user. | |||||
| CVE-2019-12468 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | |||||
| CVE-2017-0372 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | |||||
| CVE-2017-8809 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. | |||||
| CVE-2014-9487 | 1 Mediawiki | 1 Mediawiki | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053. | |||||
| CVE-2015-8009 | 1 Mediawiki | 1 Mediawiki | 2017-09-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials. | |||||
| CVE-2015-8626 | 1 Mediawiki | 1 Mediawiki | 2017-03-27 | 5.0 MEDIUM | 9.8 CRITICAL |
| The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||