3 matches found
CVE-2022-29904
The SemanticDrilldown extension for MediaWiki through 1.37.2 before e688bdba6434591b5dff689a45e4d53459954773 allows SQL injection with certain '-' and '' constraints...
MediaWiki Semantic Drilldown SQL Injection (CVE-2022-29904)
An SQL injection vulnerability exists in MediaWiki Semantic Drilldown. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2022-29904
CVE-2022-29904 affects the SemanticDrilldown extension for MediaWiki up to version 1.37.2 (pre-commit e688bdba6434591b5dff689a45e4d53459954773) and enables a SQL injection when certain '-' and '_' constraints are used. The entry lists a high/severe impact with CVSS v3.1 base score 9.8 (CRITICAL) ...