The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMediawiki
APPMediawiki≤ 1.37.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Powiązane podatności
CVE-2024-34502CRITICAL9.8PL ✓ten sam produkt
CSRF w WikibaseLexeme (MediaWiki) — nieuprawnione scalanie leksemów
CVE-2023-37303CRITICAL9.8ten sam produkt
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an att...
CVE-2023-29141CRITICAL9.8ten sam produkt
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1....
CVE-2022-29906CRITICAL9.8ten sam produkt
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa1...
CVE-2022-28209CRITICAL9.8ten sam produkt
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the An...