Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection.
This issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4.
This issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 01 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4. | |
| Title | SQLi in Cargo extension via year range filter | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: wikimedia-foundation
Published:
Updated: 2026-07-01T17:58:23.995Z
Reserved: 2026-07-01T03:40:44.769Z
Link: CVE-2026-58521
Updated: 2026-07-01T17:58:17.300Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses