CVE-2024-47849
CVE-2024-47849
8.8
HighPublished:
Last updated:
Source:c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- Low
- Availability (Vulnerable)
- None
- Confidentiality (Subsequent)
- Low
- Integrity (Subsequent)
- Low
- Availability (Subsequent)
- None
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
References
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1055963c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
https://phabricator.wikimedia.org/T368628c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
https://phabricator.wikimedia.org/T370632