Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2012-4381
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent malicious users to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the st...
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2022-29904
The SemanticDrilldown extension for MediaWiki up to and including 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2022-29906
The admin API module in the QuizGame extension for MediaWiki up to and including 1.37.2 (prior to 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2022-28209
An issue exists in Mediawiki up to and including 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2022-28205
An issue exists in MediaWiki up to and including 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2022-28206
An issue exists in MediaWiki up to and including 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2021-31556
An issue exists in the Oauth extension for MediaWiki up to and including 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.
Mediawiki Mediawiki
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv2
CVE-2021-37558
A SQL injection vulnerability in a MediaWiki script in Centreon prior to 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated malicious users to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only wh...
Centreon Centreon
7.5
CVSSv2
CVE-2021-36126
An issue exists in the AbuseFilter extension in MediaWiki up to and including 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. Th...
Mediawiki Mediawiki
7.5
CVSSv2
CVE-2021-36128
An issue exists in the CentralAuth extension in MediaWiki up to and including 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.
Mediawiki Mediawiki
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »