14 matches found
EUVD-2015-8501
Malware in sbrugna...
CVE-2024-34502
CVE-2024-34502 affects WikibaseLexeme in MediaWiki up to specific versions: before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. The flaw allows Special:MergeLexemes to trigger an edit merging the from-id into the to-id even when the request is not POST and lacks an edit token, effectiv...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from a MergeL example editing a GET...
MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2021-09325)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site request forgery vulnerability exists in MediaWiki 1.35 and earlier versions, which stems from...
CVE-2020-29004
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...
MediaWiki 跨站请求伪造漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site request forgery vulnerability exists in MediaWiki 1.35 and earlier versions, which stems from...
PT-2021-11621 · Mediawiki +1 · Mediawiki Push Extension +1
Name of the Vulnerable Software and Affected Versions: MediaWiki Push extension versions through 1.35 Description: The issue concerns a lack of required edit token in the API of the Push extension for MediaWiki, specifically in ApiPushBase.php. This omission facilitates a CSRF attack...
Cross site request forgery (csrf)
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...
UBUNTU-CVE-2015-8623
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...
CVE-2015-8624
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...
CVE-2015-8623
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...
Cross site request forgery (csrf)
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...
DEBIAN-CVE-2015-8624
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...
mediawiki -- multiple vulnerabilities
MediaWiki reports: T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now...