Shodan
Vulnerabilities
Vulnerable Software
Mediawiki:  >> Mediawiki  >> 1.35.14  Security Vulnerabilities
CVE-2022-28323
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
CVSS Score
7.5
EPSS Score
0.004
Published
2022-04-30
CVE-2022-29903
The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-04-29
CVE-2022-29904
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-04-29
CVE-2022-29905
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-04-29
CVE-2022-29906
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-29
CVE-2022-29907
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-04-29
CVE-2022-28205
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-30
CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-30
CVE-2022-28209
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-30
CVE-2021-45471
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-12-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved