NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Keyword (text search): cpe:2.3:a:mediawiki:mediawiki:1.31.0:rc1:*:*:*:*:*:*
CPE Name Search: true

There are 166 matching records.

Displaying matches 161 through 166.

Vuln ID	Summary	CVSS Severity
CVE-2019-12468	An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. Published: July 10, 2019; 11:15:12 AM -0400	V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2019-12467	MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. Published: July 10, 2019; 11:15:12 AM -0400	V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM
CVE-2018-13258	Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. Published: October 04, 2018; 4:29:00 PM -0400	V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM
CVE-2018-0505	Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock Published: October 04, 2018; 4:29:00 PM -0400	V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM
CVE-2018-0504	Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid Published: October 04, 2018; 4:29:00 PM -0400	V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM
CVE-2018-0503	Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. Published: October 04, 2018; 4:29:00 PM -0400	V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM