Vulmon
mediawiki mediawiki vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-31556
An issue exists in the OAuth extension for MediaWiki up to and including 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.
Mediawiki Mediawiki
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
9.8
CVSSv3
CVE-2021-37558
A SQL injection vulnerability in a MediaWiki script in Centreon prior to 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated malicious users to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only wh...
Centreon Centreon
9.8
CVSSv3
CVE-2021-36126
An issue exists in the AbuseFilter extension in MediaWiki up to and including 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. Th...
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2021-36128
An issue exists in the CentralAuth extension in MediaWiki up to and including 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2020-10534
In the GlobalBlocking extension prior to 2020-03-10 for MediaWiki up to and including 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of w...
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 up to and including 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
Mediawiki Mediawiki
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-0372
Parameter injection in the SyntaxHighlight extension of MediaWiki prior to 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Mediawiki Mediawiki 1.27.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.27.2
Mediawiki Mediawiki 1.27.0
Mediawiki Mediawiki 1.28.1
Debian Debian Linux 9.0
Debian Debian Linux 7.0
9.8
CVSSv3
CVE-2017-8809
api.php in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 has a Reflected File Download vulnerability.
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.28.2
Debian Debian Linux 9.0
1 Github repository
9.8
CVSSv3
CVE-2014-9487
The getid3 library in MediaWiki prior to 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.12
Mediawiki Mediawiki 1.19.17
Mediawiki Mediawiki 1.19.19
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.21
Mediawiki Mediawiki 1.19.22
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.13
Mediawiki Mediawiki 1.19.14
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.11
9.8
CVSSv3
CVE-2015-8009
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x prior to 1.25.3, 1.24.x prior to 1.24.4, and prior to 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use an...
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.25.2