Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-28	CVE-2020-15164	Injection vulnerability in Scratch-Wiki Scratch Login in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. network low complexity scratch-wiki CWE-74 critical	10.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.