CRITICAL🇵🇱 Wersja polska

CVE-2022-29904

CVSS 9.8v3.1pub. 2022-04-29upd. 2024-11-21

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mediawiki

    APP
    Mediawiki
    ≤ 1.37.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-34502CRITICAL9.8PL ✓ten sam produkt

CSRF w WikibaseLexeme (MediaWiki) — nieuprawnione scalanie leksemów

CVE-2023-37303CRITICAL9.8ten sam produkt

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an att...

CVE-2023-29141CRITICAL9.8ten sam produkt

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1....

CVE-2022-29906CRITICAL9.8ten sam produkt

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa1...

CVE-2022-28209CRITICAL9.8ten sam produkt

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the An...