Mediawiki

Mediawiki

395 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2015-8627

  • EPSS 0.43%
  • Veröffentlicht 23.03.2017 20:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an...

5.3

CVE-2015-8628

  • EPSS 0.44%
  • Veröffentlicht 23.03.2017 20:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attacker...

5

CVE-2015-8005

  • EPSS 0.25%
  • Veröffentlicht 09.11.2015 18:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.

4

CVE-2015-8004

  • EPSS 0.16%
  • Veröffentlicht 09.11.2015 18:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revision...

6.8

CVE-2015-8003

  • EPSS 0.52%
  • Veröffentlicht 09.11.2015 18:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.

6.8

CVE-2015-8002

  • EPSS 0.52%
  • Veröffentlicht 09.11.2015 18:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

3.5

CVE-2015-8001

  • EPSS 0.32%
  • Veröffentlicht 09.11.2015 18:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a ch...

4.3

CVE-2015-6734

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web ...

5

CVE-2015-6733

  • EPSS 1.49%
  • Veröffentlicht 01.09.2015 14:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

4.3

CVE-2015-6730

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an ...