Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mediawiki mediawiki 1.25.2 vulnerabilities and exploits

(subscribe to this query)
3.5
CVSSv2
CVE-2015-8001
The chunked upload API (ApiUpload) in MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the fil...
Mediawiki MediawikiMediawiki Mediawiki 1.24.0Mediawiki Mediawiki 1.24.2Mediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.24.3Mediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.25.2
6.8
CVSSv2
CVE-2015-8003
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
Mediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.25.2Mediawiki Mediawiki 1.24.2Mediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.24.3Mediawiki MediawikiMediawiki Mediawiki 1.24.0
5
CVSSv2
CVE-2015-8005
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote malicious users to obtain the installation path by reading the metadata of a PNG thumbnail file.
Mediawiki MediawikiMediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.25.2Mediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.24.3Mediawiki Mediawiki 1.24.0Mediawiki Mediawiki 1.24.2Mediawiki Mediawiki 1.25.0
5
CVSSv2
CVE-2015-8009
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x prior to 1.25.3, 1.24.x prior to 1.24.4, and prior to 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use an...
Mediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.24.2Mediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.24.0Mediawiki MediawikiMediawiki Mediawiki 1.24.3Mediawiki Mediawiki 1.25.2
6.8
CVSSv2
CVE-2015-8002
The chunked upload API (ApiUpload) in MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
Mediawiki Mediawiki 1.24.3Mediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.25.2Mediawiki Mediawiki 1.24.0Mediawiki Mediawiki 1.24.2Mediawiki MediawikiMediawiki Mediawiki 1.24.1
4
CVSSv2
CVE-2015-8004
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which ret...
Mediawiki MediawikiMediawiki Mediawiki 1.24.0Mediawiki Mediawiki 1.24.2Mediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.24.3Mediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.25.2
4.3
CVSSv2
CVE-2015-8622
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as de...
Mediawiki Mediawiki 1.24.0Mediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.24.2Mediawiki Mediawiki 1.24.3Mediawiki Mediawiki 1.26.0Mediawiki Mediawiki 1.24.4Mediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.25.3Mediawiki MediawikiMediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.25.2
6.8
CVSSv2
CVE-2015-8624
The User::matchEditToken function in includes/User.php in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which al...
Mediawiki Mediawiki 1.24.4Mediawiki MediawikiMediawiki Mediawiki 1.24.0Mediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.25.2Mediawiki Mediawiki 1.25.3Mediawiki Mediawiki 1.24.2Mediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.26.0Mediawiki Mediawiki 1.24.3Mediawiki Mediawiki 1.25.1
5
CVSSv2
CVE-2015-8625
MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote malicious users to read arbitrary files via an @ (at sign) character in unspecified POST a...
Mediawiki Mediawiki 1.24.3Mediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.25.2Mediawiki Mediawiki 1.26.0Mediawiki Mediawiki 1.25.3Mediawiki MediawikiMediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.24.4Mediawiki Mediawiki 1.24.0Mediawiki Mediawiki 1.24.2
5
CVSSv2
CVE-2015-8627
MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote malicious users to bypass intended access restrictions by using an IP address that...
Mediawiki Mediawiki 1.25.0Mediawiki Mediawiki 1.25.1Mediawiki Mediawiki 1.25.2Mediawiki Mediawiki 1.24.0Mediawiki Mediawiki 1.24.2Mediawiki Mediawiki 1.26.0Mediawiki Mediawiki 1.25.3Mediawiki Mediawiki 1.24.4Mediawiki MediawikiMediawiki Mediawiki 1.24.1Mediawiki Mediawiki 1.24.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook