Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-36126
An issue exists in the AbuseFilter extension in MediaWiki up to and including 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. Th...
Mediawiki Mediawiki
668
VMScore
CVE-2021-36128
An issue exists in the CentralAuth extension in MediaWiki up to and including 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.
Mediawiki Mediawiki
668
VMScore
CVE-2020-10534
In the GlobalBlocking extension prior to 2020-03-10 for MediaWiki up to and including 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of w...
Mediawiki Mediawiki
668
VMScore
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 up to and including 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
Mediawiki Mediawiki
Debian Debian Linux 9.0
668
VMScore
CVE-2017-8809
api.php in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 has a Reflected File Download vulnerability.
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki 1.28.2
Mediawiki Mediawiki
Debian Debian Linux 9.0
1 Github repository
668
VMScore
CVE-2014-9487
The getid3 library in MediaWiki prior to 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.18
Mediawiki Mediawiki 1.19.11
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.13
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.17
Mediawiki Mediawiki 1.19.12
Mediawiki Mediawiki 1.19.14
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.19
Mediawiki Mediawiki 1.19.20
668
VMScore
CVE-2015-6728
The ApiBase::getWatchlistUser function in MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2 does not perform token comparison in constant time, which allows remote malicious users to guess the watchlist token and bypass CSRF protection via a timing at...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
668
VMScore
CVE-2014-9277
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki prior to 1.19.22, 1.20.x up to and including 1.22.x prior to 1.22.14, and 1.23.x prior to 1.23.7 allows remote malicious users to conduct PHP object injection attacks via a crafted string containing <cross-doma...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.23.6
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.22.7
668
VMScore
CVE-2013-6453
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 does not properly sanitize SVG files, which allows remote malicious users to have unspecified impact via invalid XML.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
668
VMScore
CVE-2013-4571
Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 has unspecified impact and remote vectors.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »