Vulnerabilities > Mediawiki > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-05 CVE-2024-47849 SQL Injection vulnerability in Mediawiki Cargo 3.6.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
network
low complexity
mediawiki CWE-89
critical
9.8
2023-06-30 CVE-2023-37303 Unspecified vulnerability in Mediawiki
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.
network
low complexity
mediawiki
critical
9.8
2023-04-15 CVE-2020-29007 Code Injection vulnerability in Mediawiki Score 0.3.0
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable.
network
low complexity
mediawiki CWE-94
critical
9.8
2023-03-31 CVE-2023-29141 An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3.
network
low complexity
mediawiki fedoraproject
critical
9.8
2022-04-29 CVE-2022-29904 SQL Injection vulnerability in Mediawiki
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
network
low complexity
mediawiki CWE-89
critical
9.8
2022-04-29 CVE-2022-29906 Missing Authorization vulnerability in Mediawiki
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
network
low complexity
mediawiki CWE-862
critical
9.8
2022-03-30 CVE-2022-28205 Unspecified vulnerability in Mediawiki
An issue was discovered in MediaWiki through 1.37.1.
network
low complexity
mediawiki
critical
9.8
2022-03-30 CVE-2022-28206 Unspecified vulnerability in Mediawiki
An issue was discovered in MediaWiki through 1.37.1.
network
low complexity
mediawiki
critical
9.8
2022-03-30 CVE-2022-28209 Unspecified vulnerability in Mediawiki
An issue was discovered in Mediawiki through 1.37.1.
network
low complexity
mediawiki
critical
9.8
2021-08-12 CVE-2021-31556 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.
network
low complexity
mediawiki fedoraproject CWE-1284
critical
9.8