Vulnerabilities > Mediawiki > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-08 | CVE-2012-4381 | Use of Hard-coded Credentials vulnerability in Mediawiki MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | 8.1 |
2020-02-06 | CVE-2013-4572 | Session Fixation vulnerability in multiple products The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | 7.5 |
2019-11-20 | CVE-2013-1817 | Information Exposure vulnerability in multiple products MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | 7.5 |
2019-11-20 | CVE-2013-1816 | Improper Input Validation vulnerability in multiple products MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | 7.5 |
2019-10-29 | CVE-2012-0046 | Information Exposure vulnerability in Mediawiki mediawiki allows deleted text to be exposed | 7.5 |
2019-07-10 | CVE-2019-12474 | Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. | 7.5 |
2019-07-10 | CVE-2019-12473 | Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. | 7.5 |
2019-07-10 | CVE-2019-12472 | Unspecified vulnerability in Mediawiki An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. | 7.5 |
2019-07-10 | CVE-2019-12466 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 allows CSRF. | 8.8 |
2018-04-13 | CVE-2017-0367 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | 8.8 |