Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.18.0 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the centralauth_Session cookie.
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.18.3
6.8
CVSSv2
CVE-2012-5391
Session fixation vulnerability in Special:UserLogin in MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the session_id.
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.20
6.8
CVSSv2
CVE-2012-1578
Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x prior to 1.17.3 and 1.18.x prior to 1.18.2 allow remote malicious users to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block mod...
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
6.8
CVSSv2
CVE-2012-1580
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x prior to 1.17.3 and 1.18.x prior to 1.18.2 allows remote malicious users to hijack the authentication of unspecified victims for requests that upload files.
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.1
5.8
CVSSv2
CVE-2014-2243
includes/User.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote malicious users to obtain access via a brute-forc...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.21.5
5
CVSSv2
CVE-2019-12472
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 up to and including 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
5
CVSSv2
CVE-2014-1686
MediaWiki 1.18.0 allows remote malicious users to obtain the installation path via vectors related to thumbnail creation.
Mediawiki Mediawiki 1.18.0
5
CVSSv2
CVE-2013-2032
MediaWiki prior to 1.19.6 and 1.20.x prior to 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote malicious users to bypass the intended restrictions of an extension that only implem...
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.11.1
Mediawiki Mediawiki 1.10.3
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.16.2
5
CVSSv2
CVE-2012-1579
The resource loader in MediaWiki 1.17.x prior to 1.17.3 and 1.18.x prior to 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote malicious users to obtain sensitive information.
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
5
CVSSv2
CVE-2012-1581
MediaWiki 1.17.x prior to 1.17.3 and 1.18.x prior to 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote malicious users to change the passwords of arbitrary users.
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »