Vulnerabilities > Mediawiki > Critical

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2023-06-30 | CVE-2023-37303 | Unspecified vulnerability in Mediawiki | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. | network; low complexity; mediawiki; critical; 9.8 |
| 2023-04-15 | CVE-2020-29007 | Code Injection vulnerability in Mediawiki Score | The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. | network; low complexity; mediawiki; CWE-94; critical; 9.8 |
| 2023-03-31 | CVE-2023-29141 | | An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. | network; low complexity; mediawiki, fedoraproject; critical; 9.8 |
| 2022-04-29 | CVE-2022-29906 | Missing Authorization vulnerability in Mediawiki | The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | network; low complexity; mediawiki; CWE-862; critical; 9.8 |
| 2022-03-30 | CVE-2022-28209 | Unspecified vulnerability in Mediawiki | An issue was discovered in Mediawiki through 1.37.1. | network; low complexity; mediawiki; critical; 9.8 |
| 2022-03-30 | CVE-2022-28206 | Unspecified vulnerability in Mediawiki | An issue was discovered in MediaWiki through 1.37.1. | network; low complexity; mediawiki; critical; 9.8 |
| 2022-03-30 | CVE-2022-28205 | Unspecified vulnerability in Mediawiki | An issue was discovered in MediaWiki through 1.37.1. | network; low complexity; mediawiki; critical; 9.8 |
| 2021-08-12 | CVE-2021-31556 | Improper Validation of Specified Quantity in Input vulnerability in multiple products | An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. | network; low complexity; mediawiki, fedoraproject; CWE-1284; critical; 9.8 |
| 2020-02-08 | CVE-2012-4381 | Use of Hard-coded Credentials vulnerability in Mediawiki | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | network; mediawiki; CWE-798; critical; 9.3 |