Vulnerabilities > Mediawiki > Mediawiki > 1.6.8

DATE CVE VULNERABILITY TITLE RISK
2019-09-26 CVE-2019-16738 Missing Authorization vulnerability in multiple products
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
network
low complexity
mediawiki fedoraproject debian CWE-862
5.3
5.3
2019-07-10 CVE-2019-12470 Missing Authorization vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control.
network
low complexity
mediawiki debian CWE-862
6.5
6.5
2019-07-10 CVE-2019-12469 Missing Authorization vulnerability in multiple products
MediaWiki through 1.32.1 has Incorrect Access Control.
network
low complexity
mediawiki debian CWE-862
6.5
6.5
2019-07-10 CVE-2019-12466 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 allows CSRF.
network
low complexity
mediawiki debian CWE-352
8.8
8.8
2019-07-10 CVE-2019-12467 MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3).
network
low complexity
mediawiki debian
5.3
5.3
2018-04-13 CVE-2017-0372 Injection vulnerability in multiple products
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
network
low complexity
mediawiki debian CWE-74
critical
 9.8
9.8
2017-12-29 CVE-2015-8008 Improper Access Control vulnerability in multiple products
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
network
low complexity
mediawiki fedoraproject CWE-284
7.5
7.5
2017-11-15 CVE-2017-8815 Improper Input Validation vulnerability in multiple products
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
network
low complexity
mediawiki debian CWE-20
7.5
7.5
2017-11-15 CVE-2017-8814 Improper Input Validation vulnerability in multiple products
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
network
low complexity
mediawiki debian CWE-20
7.5
7.5
2017-11-15 CVE-2017-8812 MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
network
low complexity
mediawiki debian
5.3
5.3