Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mediawiki
(Mediawiki)| Repositories |
• https://github.com/wikimedia/mediawiki
• https://github.com/wikimedia/mediawiki-core |
| #Vulnerabilities | 354 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-20 | CVE-2013-1816 | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | Debian_linux, Fedora, Mediawiki, Enterprise_linux | N/A | ||
| 2019-10-29 | CVE-2012-0046 | mediawiki allows deleted text to be exposed | Mediawiki | N/A | ||
| 2018-10-04 | CVE-2018-0504 | Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | Debian_linux, Mediawiki | 6.5 | ||
| 2018-10-04 | CVE-2018-0505 | Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock | Debian_linux, Mediawiki | 6.5 | ||
| 2018-10-04 | CVE-2018-0503 | Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | Debian_linux, Mediawiki | 4.3 | ||
| 2018-04-13 | CVE-2017-0369 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | Debian_linux, Mediawiki | 6.5 | ||
| 2018-04-13 | CVE-2017-0367 | Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | Debian_linux, Mediawiki | 8.8 | ||
| 2013-10-11 | CVE-2013-4306 | Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors. | Mediawiki | N/A | ||
| 2019-07-10 | CVE-2019-12472 | An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | Mediawiki | 7.5 | ||
| 2019-07-10 | CVE-2019-12468 | An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | Debian_linux, Mediawiki | 9.8 |