Shodan
Vulnerabilities
Vulnerable Software
Mediawiki:  >> Mediawiki  >> 1.35.12  Security Vulnerabilities
CVE-2022-28205
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
CVSS Score
9.8
EPSS Score
0.014
Published
2022-03-30
CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
CVSS Score
9.8
EPSS Score
0.014
Published
2022-03-30
CVE-2022-28209
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
CVSS Score
9.8
EPSS Score
0.013
Published
2022-03-30
CVE-2021-45471
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
CVSS Score
5.3
EPSS Score
0.012
Published
2021-12-24
CVE-2021-45472
In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.
CVSS Score
6.1
EPSS Score
0.01
Published
2021-12-24
CVE-2021-45474
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
CVSS Score
6.1
EPSS Score
0.01
Published
2021-12-24
CVE-2021-41798
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.
CVSS Score
6.1
EPSS Score
0.013
Published
2021-10-11
CVE-2021-41799
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.
CVSS Score
7.5
EPSS Score
0.016
Published
2021-10-11
CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
CVSS Score
5.3
EPSS Score
0.017
Published
2021-10-11
CVE-2021-42040
An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.
CVSS Score
7.5
EPSS Score
0.011
Published
2021-10-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved