The MediaWiki 1.31 tarball before 1.31.1 is missing the .htaccess files used to protect some directories that shouldn't be web accessible.
Max CVSS
5.3
EPSS Score
0.32%
Published
2018-10-04
Updated
2018-11-23
MediaWiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock.
Max CVSS
6.5
EPSS Score
1.41%
Published
2018-10-04
Updated
2019-10-18
MediaWiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in Special:Redirect/logid.
Max CVSS
6.5
EPSS Score
0.26%
Published
2018-10-04
Updated
2019-10-29
MediaWiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where, contrary to the documentation, the $wgRateLimits entry for 'user' overrides that for 'newbie'.
Max CVSS
4.3
EPSS Score
0.41%
Published
2018-10-04
Updated
2019-10-18

CVE-2017-0372

Public exploit
Parameter injection in the SyntaxHighlight extension of MediaWiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Max CVSS
9.8
EPSS Score
88.62%
Published
2018-04-13
Updated
2018-05-17
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the spam blacklist is ineffective on encoded URLs inside the file inclusion syntax's link parameter.
Max CVSS
5.3
EPSS Score
0.23%
Published
2018-04-13
Updated
2018-05-14
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing a sysop to undelete pages even though the page is protected against it.
Max CVSS
6.5
EPSS Score
0.10%
Published
2018-04-13
Updated
2019-10-03
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
Max CVSS
5.3
EPSS Score
0.23%
Published
2018-04-13
Updated
2018-05-14
MediaWiki before 1.28.1 / 1.27.2 contains an unsafe use of a temporary directory: having the LocalisationCache directory default to the system tmp directory is insecure.
Max CVSS
8.8
EPSS Score
0.19%
Published
2018-04-13
Updated
2019-10-03
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing evasion of the SVG filter using default attribute values in a DTD declaration.
Max CVSS
5.4
EPSS Score
0.13%
Published
2018-04-13
Updated
2018-05-14
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
Max CVSS
4.7
EPSS Score
0.09%
Published
2018-04-13
Updated
2018-05-14
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
Max CVSS
6.1
EPSS Score
0.21%
Published
2018-04-13
Updated
2018-05-14
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
Max CVSS
6.1
EPSS Score
0.21%
Published
2018-04-13
Updated
2018-05-14
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" action on the watchlist does not require a CSRF token.
Max CVSS
8.8
EPSS Score
0.23%
Published
2018-04-13
Updated
2018-05-15
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw where api.log might contain passwords in plaintext.
Max CVSS
7.8
EPSS Score
0.06%
Published
2018-04-13
Updated
2018-05-14
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
Max CVSS
5.3
EPSS Score
0.21%
Published
2018-04-16
Updated
2018-05-18
16 vulnerabilities found