MediaWiki Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2022-29904 - Vulnerability Database

MediaWiki

MediaWiki Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2022-29904

Critical

Reference: CVE-2022-29904

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-29904

Title: MediaWiki Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain 39-39 and 39_39 constraints.