mediawiki mediawiki vulnerabilities and exploits
7.5
CVSSv2
CVE-2020-10534
In the GlobalBlocking extension prior to 2020-03-10 for MediaWiki up to and including 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of w...
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 up to and including 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
Mediawiki Mediawiki
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2017-0372
Parameters injection in the SyntaxHighlight extension of Mediawiki prior to 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Mediawiki Mediawiki 1.27.0
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki 1.27.2
Mediawiki Mediawiki
Mediawiki Mediawiki 1.27.1
Debian Debian Linux 7.0
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2017-8809
api.php in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 has a Reflected File Download vulnerability.
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki 1.28.2
Mediawiki Mediawiki
Debian Debian Linux 9.0
1 Github repository
7.5
CVSSv2
CVE-2014-9487
The getid3 library in MediaWiki prior to 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.18
Mediawiki Mediawiki 1.19.11
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.13
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.17
Mediawiki Mediawiki 1.19.12
Mediawiki Mediawiki 1.19.14
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.19
Mediawiki Mediawiki 1.19.20
7.5
CVSSv2
CVE-2015-6728
The ApiBase::getWatchlistUser function in MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2 does not perform token comparison in constant time, which allows remote malicious users to guess the watchlist token and bypass CSRF protection via a timing at...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
7.5
CVSSv2
CVE-2014-9277
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki prior to 1.19.22, 1.20.x up to and including 1.22.x prior to 1.22.14, and 1.23.x prior to 1.23.7 allows remote malicious users to conduct PHP object injection attacks via a crafted string containing <cross-doma...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.23.6
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.22.7
7.5
CVSSv2
CVE-2013-4571
Buffer overflow in php-luasandbox in the Scribunto extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 has unspecified impact and remote vectors.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
7.5
CVSSv2
CVE-2013-6453
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 does not properly sanitize SVG files, which allows remote malicious users to have unspecified impact via invalid XML.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
7.5
CVSSv2
CVE-2013-4304
The CentralAuth extension for MediaWiki 1.19.x prior to 1.19.8, 1.20.x prior to 1.20.7, and 1.21.x prior to 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote malicious users to bypass a...
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Brion Vibber Centralauth Extension -
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2