Shodan
Vulnerabilities
Vulnerable Software
Mediawiki:  >> Mediawiki  Security Vulnerabilities
CVE-2012-0046
mediawiki allows deleted text to be exposed
CVSS Score
7.5
EPSS Score
0.004
Published
2019-10-29
CVE-2019-16738
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
CVSS Score
5.3
EPSS Score
0.005
Published
2019-09-26
CVE-2019-12469
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-10
CVE-2019-12470
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-10
CVE-2019-12466
Wikimedia MediaWiki through 1.32.1 allows CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-10
CVE-2019-12471
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-10
CVE-2019-12472
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-07-10
CVE-2019-12473
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-07-10
CVE-2019-12474
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-07-10
CVE-2019-12467
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-07-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved