Vulnerabilities > Mediawiki
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-10 | CVE-2019-12466 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 allows CSRF. | 8.8 |
2019-07-10 | CVE-2019-12468 | Missing Authentication for Critical Function vulnerability in multiple products An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. | 9.8 |
2019-07-10 | CVE-2019-12467 | MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). | 5.3 |
2018-10-04 | CVE-2018-13258 | Information Exposure vulnerability in Mediawiki 1.31.0 Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | 5.3 |
2018-10-04 | CVE-2018-0505 | Improper Authentication vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock | 6.5 |
2018-10-04 | CVE-2018-0504 | Information Exposure Through Log Files vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | 6.5 |
2018-10-04 | CVE-2018-0503 | Improper Privilege Management vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | 4.3 |
2018-04-16 | CVE-2014-1686 | Information Exposure vulnerability in Mediawiki 1.18.0 MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | 5.3 |
2018-04-13 | CVE-2017-0372 | Injection vulnerability in multiple products Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | 9.8 |
2018-04-13 | CVE-2017-0370 | Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | 5.3 |