Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-8626
The User::randomPassword function in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote malicious users to obtain access via a brute-for...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
445
VMScore
CVE-2015-8627
MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote malicious users to bypass intended access restrictions by using an IP address that...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
605
VMScore
CVE-2012-5391
Session fixation vulnerability in Special:UserLogin in MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the session_id.
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.20
383
VMScore
CVE-2015-8628
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 allow remote malicious users to obtain sens...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
445
VMScore
CVE-2015-8625
MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote malicious users to read arbitrary files via an @ (at sign) character in unspecified POST a...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
605
VMScore
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the centralauth_Session cookie.
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
755
VMScore
CVE-2004-1405
MediaWiki 1.3.8 and previous versions, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote malicious users to upload and execute arbitrary code.
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.11
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.2
1 EDB exploit
445
VMScore
CVE-2005-0536
Directory traversal vulnerability in MediaWiki 1.3.x prior to 1.3.11 and 1.4 beta prior to 1.4 rc1 allows remote malicious users to delete arbitrary files or determine file existence via a parameter related to image deletion.
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.4 Beta6
Mediawiki Mediawiki 1.4 Beta3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.4 Beta4
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.4 Beta1
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.4 Beta2
Mediawiki Mediawiki 1.4 Beta5
383
VMScore
CVE-2005-1245
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.4 Beta3
Mediawiki Mediawiki 1.3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.4 Beta4
Mediawiki Mediawiki 1.4 Beta1
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.11
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.4 Beta2
Mediawiki Mediawiki 1.4 Beta5
383
VMScore
CVE-2005-0534
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x prior to 1.3.11 and 1.4 beta prior to 1.4 rc1 allow remote malicious users to inject arbitrary web script.
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.4 Beta6
Mediawiki Mediawiki 1.4 Beta3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.4 Beta4
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.4 Beta1
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.4 Beta2
Mediawiki Mediawiki 1.4 Beta5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »