Vulnerabilities > Mediawiki

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2019-12466 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 allows CSRF.
network
low complexity
mediawiki debian CWE-352
8.8
2019-07-10 CVE-2019-12468 Missing Authentication for Critical Function vulnerability in multiple products
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1.
network
low complexity
mediawiki debian CWE-306
critical
9.8
2019-07-10 CVE-2019-12467 MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3).
network
low complexity
mediawiki debian
5.3
2018-10-04 CVE-2018-13258 Information Exposure vulnerability in Mediawiki 1.31.0
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.
network
low complexity
mediawiki CWE-200
5.3
2018-10-04 CVE-2018-0505 Improper Authentication vulnerability in multiple products
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
network
low complexity
mediawiki debian CWE-287
6.5
2018-10-04 CVE-2018-0504 Information Exposure Through Log Files vulnerability in multiple products
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
network
low complexity
mediawiki debian CWE-532
6.5
2018-10-04 CVE-2018-0503 Improper Privilege Management vulnerability in multiple products
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
network
low complexity
mediawiki debian CWE-269
4.3
2018-04-16 CVE-2014-1686 Information Exposure vulnerability in Mediawiki 1.18.0
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
network
low complexity
mediawiki CWE-200
5.3
2018-04-13 CVE-2017-0372 Injection vulnerability in multiple products
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
network
low complexity
mediawiki debian CWE-74
critical
9.8
2018-04-13 CVE-2017-0370 Improper Input Validation vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
network
low complexity
mediawiki debian CWE-20
5.3