Vulmon
mediawiki mediawiki vulnerabilities and exploits
10
CVSSv3
CVE-2020-15164
In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this ex...
Scratch-wiki Scratch Login
9.8
CVSSv3
CVE-2023-37303
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2020-29007
The Score extension up to and including 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execut...
Mediawiki Score
5 Github repositories
9.8
CVSSv3
CVE-2023-29141
An issue exists in MediaWiki prior to 1.35.10, 1.36.x up to and including 1.38.x prior to 1.38.6, and 1.39.x prior to 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
Mediawiki Mediawiki
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2023-24612
The PdfBook extension up to and including 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.
Pdfbook Project Pdfbook
9.8
CVSSv3
CVE-2022-29906
The admin API module in the QuizGame extension for MediaWiki up to and including 1.37.2 (prior to 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2022-29904
The SemanticDrilldown extension for MediaWiki up to and including 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2022-28205
An issue exists in MediaWiki up to and including 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2022-28209
An issue exists in MediaWiki up to and including 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2022-28206
An issue exists in MediaWiki up to and including 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
Mediawiki Mediawiki