SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the start and end request parameters in CargoExport.php. An attacker can execute arbitrary SQL commands by submitting crafted input to the affected endpoint. Remediation Upgrade mediawiki/cargo to version 3.8.4 or...