Vulnerabilities
Vulnerable Software
Mediawiki:  >> Mediawiki  >> 1.19.12  Security Vulnerabilities
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
CVSS Score
5.3
EPSS Score
0.005
Published
2019-09-26
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-10
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-10
Wikimedia MediaWiki through 1.32.1 allows CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-10
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-07-10
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-07-10
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
CVSS Score
9.8
EPSS Score
0.59
Published
2018-04-13
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
CVSS Score
7.5
EPSS Score
0.009
Published
2017-12-29
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-11-15
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
CVSS Score
9.8
EPSS Score
0.19
Published
2017-11-15


Contact Us

Shodan ® - All rights reserved