CVE-2025-32956

Опубликовано: 21 апр. 2025

Источник: nvd

CVSS3: 8

EPSS Низкий

Описание

ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting $wgManageWiki['namespaces'] = false;.

Ссылки

https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9
Patch
https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7
Mitigation
Vendor Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-32956-detect-mediawiki-vulnerability
Exploit
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-32956-mitigate-mediawiki-vulnerability
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:miraheze:managewiki:*:*:*:*:*:*:*:*

Версия до 2025-04-20 (исключая)

EPSS

Процентиль: 19%

0.00062

Низкий

8 High

CVSS3

Дефекты

CWE-89