Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-45367
An issue exists in the CheckUser extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragen...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2023-29139
An issue exists in the CheckUser extension for MediaWiki up to and including 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2021-42049
An issue exists in the Translate extension in MediaWiki up to and including 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions.
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2021-46148
An issue exists in MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2021-44857
An issue exists in MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any...
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2021-32722
GlobalNewFiles is a mediawiki extension. Versions before 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handlin...
Miraheze Globalnewfiles
6.5
CVSSv3
CVE-2021-31548
An issue exists in the AbuseFilter extension for MediaWiki up to and including 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2021-31553
An issue exists in the CheckUser extension for MediaWiki up to and including 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example...
6.5
CVSSv3
CVE-2019-18611
An issue exists in the CheckUser extension up to and including 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users sho...
Mediawiki Checkuser
6.5
CVSSv3
CVE-2019-12470
Wikimedia MediaWiki up to and including 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »