CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

CVE-2022-39193

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression...

CVE-2023-22912

CVE-2023-22912 affects MediaWiki releases prior to 1.35.9, 1.36.x up to 1.38.x before 1.38.5, and 1.39.x before 1.39.1. The CheckUser TokenManager uses AES-CTR with a repeated nonce, enabling an adversary to decrypt data. Impact is confidentiality of tokens, with network-based exposure and no exp...

CVE-2022-39193

Summary: CVE-2022-39193 affects the MediaWiki CheckUser extension (through 1.39.x). The vulnerability concerns disclosure of sensitivity about editors: various components of CheckUser can expose information about the performer of edits and logged actions, information that should be viewable only ...

PT-2023-13711 · Mediawiki · Mediawiki Checkuser Extension

Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.39.x Description: An issue in the CheckUser extension for MediaWiki exposes information on the performer of edits and logged actions, which should only be viewable by users with suppression or...

MediaWiki < 1.35.9, 1.38.0 < 1.38.5, 1.39.0 < 1.39.1 Multiple Vulnerabilities - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

MediaWiki < 1.35.9, 1.38.0 < 1.38.5, 1.39.0 < 1.39.1 Information Disclosure Vulnerability - Linux

MediaWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2020-18081

The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...

CVE-2020-18081

The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...

CVE-2020-18081

The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...

CVE-2020-18081

The CVE-2020-18081 entry concerns SEMCMS 3.8, where the checkuser function is vulnerable to an access-control/SQL query flaw that can disclose plaintext passwords. The vulnerability allows an attacker to obtain passwords via a crafted SQL query, with network access and no authentication required ...

SEMCMS SQL注入漏洞

SEMCMS is a foreign trade web content management system CMS that supports multiple languages. SEMCMS suffers from an Access Control Error vulnerability, which stems from a vulnerability found in the checkuser function, which can be exploited by an attacker to obtain passwords in plaintext via a S...

MediaWiki code issue vulnerability (CNVD-2021-35232)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A code issue vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from the...

CVE-2021-31553

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...

CVE-2021-31553

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...

Format string

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...

CVE-2021-31553

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...

CVE-2021-31553

CVE-2021-31553 affects MediaWiki with the CheckUser extension up to 1.35.2. The issue arises when usernames with trailing whitespace are stored in the cu_log table, enabling denial of service on certain CheckUser pages and functionality. The example impact is interference with usage tracking by p...

PT-2021-19424 · Mediawiki +1 · Checkuser Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue in the CheckUser extension allows MediaWiki usernames with trailing whitespace to be stored in the cu log database table, causing denial of service for certain CheckUser extension pages...

MediaWiki 代码问题漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A code issue vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from the...