mediawiki mediawiki 1.24.2 vulnerabilities and exploits
668
VMScore
CVE-2015-6728
The ApiBase::getWatchlistUser function in MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2 does not perform token comparison in constant time, which allows remote malicious users to guess the watchlist token and bypass CSRF protection via a timing at...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
632
VMScore
CVE-2015-2937
MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2, when using HHVM or Zend PHP, allows remote malicious users to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long r...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.22.15
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.24.1
632
VMScore
CVE-2015-2942
MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2, when using HHVM, allows remote malicious users to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF fi...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.22.15
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.24.1
632
VMScore
CVE-2015-2936
MediaWiki 1.24.x prior to 1.24.2, when using PBKDF2 for password hashing, allows remote malicious users to cause a denial of service (CPU consumption) via a long password.
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
605
VMScore
CVE-2015-8623
The User::matchEditToken function in includes/User.php in MediaWiki prior to 1.23.12 and 1.24.x prior to 1.24.5 does not perform token comparison in constant time before returning, which allows remote malicious users to guess the edit token and bypass CSRF protection via a timing...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki
605
VMScore
CVE-2015-8624
The User::matchEditToken function in includes/User.php in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which al...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
605
VMScore
CVE-2015-8003
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
605
VMScore
CVE-2015-8002
The chunked upload API (ApiUpload) in MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
445
VMScore
CVE-2015-8009
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x prior to 1.25.3, 1.24.x prior to 1.24.4, and prior to 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use an...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
445
VMScore
CVE-2015-8627
MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 does not properly normalize IP addresses containing zero-padded octets, which might allow remote malicious users to bypass intended access restrictions by using an IP address that...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki