Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mediawiki mediawiki 1.19.2 vulnerabilities and exploits

(subscribe to this query)
605
VMScore
CVE-2012-5391
Session fixation vulnerability in Special:UserLogin in MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the session_id.
Mediawiki Mediawiki 1.18.1Mediawiki Mediawiki 1.18.2Mediawiki Mediawiki 1.18.3Mediawiki Mediawiki 1.18Mediawiki Mediawiki 1.18.0Mediawiki MediawikiMediawiki Mediawiki 1.18.4Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.20
605
VMScore
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the centralauth_Session cookie.
Mediawiki Mediawiki 1.20Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.18.0Mediawiki Mediawiki 1.18.1Mediawiki Mediawiki 1.18.2Mediawiki MediawikiMediawiki Mediawiki 1.18Mediawiki Mediawiki 1.18.4Mediawiki Mediawiki 1.18.3
605
VMScore
CVE-2013-2114
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 up to and including 1.19.6 and 1.20.x prior to 1.20.6 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension.
Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.20.5Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.20.1Mediawiki Mediawiki 1.20.3Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.20.2Mediawiki Mediawiki 1.20.4Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.4
605
VMScore
CVE-2014-3455
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allow remote...
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.7Mediawiki MediawikiMediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3
605
VMScore
CVE-2014-3454
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to hijack the authentication of users for requests that create c...
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.7Mediawiki Mediawiki
668
VMScore
CVE-2013-4571
Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 has unspecified impact and remote vectors.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.7Mediawiki MediawikiMediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6
445
VMScore
CVE-2013-4570
The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to ...
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.7Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.2Mediawiki MediawikiMediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3
383
VMScore
CVE-2013-4574
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via vectors related to videos.
Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.7Mediawiki Mediawiki 1.19.8Mediawiki MediawikiMediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.21
383
VMScore
CVE-2013-6452
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via crafted XSL in an SVG file.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.7Mediawiki MediawikiMediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5
668
VMScore
CVE-2013-6453
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 does not properly sanitize SVG files, which allows remote malicious users to have unspecified impact via invalid XML.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.7Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook