Vulnerabilities > Mediawiki > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-08 CVE-2012-4381 Use of Hard-coded Credentials vulnerability in Mediawiki
MediaWiki before 1.18.5, and 1.19.x before 1.19.2, saves passwords in the local database, which (1) could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or (2), when an authentication plugin returns false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.
network
high complexity
mediawiki CWE-798
8.1
2020-02-06 CVE-2013-4572 Session Fixation vulnerability in multiple products
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
network
low complexity
mediawiki fedoraproject CWE-384
7.5
2019-11-20 CVE-2013-1817 Information Exposure vulnerability in multiple products
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
network
low complexity
mediawiki debian redhat fedoraproject CWE-200
7.5
2019-11-20 CVE-2013-1816 Improper Input Validation vulnerability in multiple products
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
network
low complexity
mediawiki debian redhat fedoraproject CWE-20
7.5
2019-10-29 CVE-2012-0046 Information Exposure vulnerability in Mediawiki
MediaWiki allows deleted text to be exposed.
network
low complexity
mediawiki CWE-200
7.5
2019-07-10 CVE-2019-12474
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak.
network
low complexity
mediawiki debian
7.5
2019-07-10 CVE-2019-12473
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS.
network
low complexity
mediawiki debian
7.5
2019-07-10 CVE-2019-12472 Unspecified vulnerability in Mediawiki
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1.
network
low complexity
mediawiki
7.5
2019-07-10 CVE-2019-12466 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 allows CSRF.
network
low complexity
mediawiki debian CWE-352
8.8
2018-04-13 CVE-2017-0367 Exposure of Resource to Wrong Sphere vulnerability in multiple products
MediaWiki before 1.28.1 / 1.27.2 contains an unsafe use of a temporary directory: having the LocalisationCache directory default to the system tmp directory is insecure.
network
low complexity
mediawiki debian CWE-668
8.8