CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...
CVE-2022-28206
CVE-2022-28206 affects MediaWiki up to 1.37.1 via ImportPlanValidator.php in the FileImporter extension, which mishandles the edit-rights check. The provided documents do not include exploitation details or a confirmed patch/version, and no remediation is specified.
CVE-2021-45474
In MediaWiki through 1.37, the Special:ImportFile URI aka FileImporter allows XSS, as demonstrated by the clientUrl parameter...
Design/Logic Flaw
In MediaWiki through 1.37, the Special:ImportFile URI aka FileImporter allows XSS, as demonstrated by the clientUrl parameter...
UBUNTU-CVE-2021-45474
In MediaWiki through 1.37, the Special:ImportFile URI aka FileImporter allows XSS, as demonstrated by the clientUrl parameter...
CVE-2021-45474
In MediaWiki up to 1.37, the Special:ImportFile (FileImporter) accepts the clientUrl parameter without proper escaping, allowing cross-site scripting (XSS). The root cause is insufficient sanitization of the clientUrl input in the ImportFile workflow. The CVE entry documents this vulnerability an...
MediaWiki suffers from an unspecified vulnerability (CNVD-2021-49043)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the FileImporter extension of MediaWiki prior to 1.36, which stems from...
CVE-2021-36132
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...
CVE-2021-36132
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...
Design/Logic Flaw
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...
CVE-2021-36132
CVE-2021-36132 affects MediaWiki’s FileImporter extension (up to and including 1.36). The root cause is relaxed configurations of $wgFileImporterRequiredRight that fail to validate all relevant user rights, allowing a user with insufficient rights to upload files. Impact described in the linked a...
CVE-2021-36132
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...
MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the FileImporter extension of MediaWiki prior to 1.36, which stems from...
MediaWiki <= 1.35.0 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities.
CVE-2020-27621
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...
CVE-2020-27621
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...
Code injection
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...
CVE-2020-27621
The CVE-2020-27621 issue affects MediaWiki’s FileImporter extension (up to version 1.35.0). The root cause is improper attribution of user actions to the correct IP, reporting the internal Wikimedia server IP by omitting X-Forwarded-For. Consequences include broken action auditing and attribution...
CVE-2020-27621
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...
PT-2020-16728 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.0 Description: The issue concerns the FileImporter extension, which failed to properly attribute user actions to a specific user's IP address. It would report the IP address of an internal server instead, by...