Category:Extensions with SQL injection vulnerabilities

From MediaWiki.org
Jump to navigation Jump to search

Other languages:
English • ‎日本語

These extensions are known to contain SQL injection attack vulnerabilities, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things.

It is advised that these extensions are updated to make proper use of MediaWiki's database class instead of concatenating raw SQL.

To add an extension to this list, tag it with {{SQL injection alert}}.

Pages in category "Extensions with SQL injection vulnerabilities"

This category contains only the following page.