Vulnerabilities > Mediawiki > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-05 | CVE-2024-47849 | SQL Injection vulnerability in Mediawiki Cargo 3.6.0: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | 9.8 |
2023-06-30 | CVE-2023-37303 | Unspecified vulnerability in Mediawiki: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. | 9.8 |
2023-04-15 | CVE-2020-29007 | Code Injection vulnerability in Mediawiki Score: The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. | 9.8 |
2023-03-31 | CVE-2023-29141 | An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. | 9.8 |
2022-04-29 | CVE-2022-29906 | Missing Authorization vulnerability in Mediawiki: The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | 9.8 |
2022-03-30 | CVE-2022-28205 | Unspecified vulnerability in Mediawiki: An issue was discovered in MediaWiki through 1.37.1. | 9.8 |
2022-03-30 | CVE-2022-28206 | Unspecified vulnerability in Mediawiki: An issue was discovered in MediaWiki through 1.37.1. | 9.8 |
2022-03-30 | CVE-2022-28209 | Unspecified vulnerability in Mediawiki: An issue was discovered in MediaWiki through 1.37.1. | 9.8 |
2021-08-12 | CVE-2021-31556 | Improper Validation of Specified Quantity in Input vulnerability in multiple products: An issue was discovered in the OAuth extension for MediaWiki through 1.35.2. | 9.8 |
2020-02-08 | CVE-2012-4381 | Use of Hard-coded Credentials vulnerability in Mediawiki: MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | 9.3 |