Vulnerabilities > Mediawiki > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-36126 Unspecified vulnerability in Mediawiki
An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36.
network
low complexity
mediawiki
critical
 9.8
9.8
2021-07-02 CVE-2021-36128 Improper Handling of Exceptional Conditions vulnerability in Mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-755
critical
 9.8
9.8
2020-03-12 CVE-2020-10534 Incorrect Authorization vulnerability in Mediawiki
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges.
network
low complexity
mediawiki CWE-863
critical
 9.8
9.8
2019-07-10 CVE-2019-12468 Missing Authentication for Critical Function vulnerability in multiple products
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1.
network
low complexity
mediawiki debian CWE-306
critical
 9.8
9.8
2018-04-13 CVE-2017-0372 Injection vulnerability in multiple products
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
network
low complexity
mediawiki debian CWE-74
critical
 9.8
9.8
2017-11-15 CVE-2017-8809 Injection vulnerability in multiple products
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
network
low complexity
mediawiki debian CWE-74
critical
 9.8
9.8
2017-10-17 CVE-2014-9487 XXE vulnerability in Mediawiki
The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
network
low complexity
mediawiki CWE-611
critical
 9.8
9.8
2017-07-25 CVE-2015-8009 Credentials Management vulnerability in Mediawiki
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
network
low complexity
mediawiki CWE-255
critical
 9.8
9.8
2017-03-23 CVE-2015-8626 Credentials Management vulnerability in Mediawiki
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
mediawiki CWE-255
critical
 9.8
9.8