Vulmon
mediawiki mediawiki vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-28323
An issue exists in MediaWiki up to and including 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2022-29547
The CreateRedirect extension prior to 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page.
Mediawiki Createredirect
7.5
CVSSv3
CVE-2017-0371
MediaWiki prior to 1.23.16, 1.24.x up to and including 1.27.x prior to 1.27.2, and 1.28.x prior to 1.28.1 allows remote malicious users to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an...
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2021-46149
An issue exists in MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search.
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2021-44858
An issue exists in MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRea...
Mediawiki Mediawiki
1 Github repository
7.5
CVSSv3
CVE-2021-41799
MediaWiki prior to 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.
Mediawiki Mediawiki
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2021-42040
An issue exists in MediaWiki up to and including 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2021-41118
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possi...
Dynamicpagelist3 Project Dynamicpagelist3
7.5
CVSSv3
CVE-2021-35197
In MediaWiki prior to 1.31.15, 1.32.x up to and including 1.35.x prior to 1.35.3, and 1.36.x prior to 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Ac...
Mediawiki Mediawiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2021-36125
An issue exists in the CentralAuth extension in MediaWiki up to and including 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameCh...
Mediawiki Mediawiki