Description

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.

Remediation

References

CVE-2022-29904

Related Vulnerabilities

Drupal Core 8.6.x Directory Traversal (8.6.0 - 8.6.15)

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Unspecified Vulnerability (1.53)

Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Security Bypass (3.5.4)

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7081)

Severity

Critical

Classification

CVE-2022-29904 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities