Skip to main content
CVE-2013-4301 MEDIUM POC This Month

includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4122 MEDIUM POC This Month

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Cyrus Sasl
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2013-4302 MEDIUM PATCH This Month

(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation CSRF Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy