Category:Extensions with SQL injection vulnerabilities

From MediaWiki.org
Jump to navigation Jump to search
Other languages:
English

These extensions are known to contain SQL injection attack vulnerabilities, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things.

It is advised that these extensions are updated to make proper use of MediaWiki's database class instead of concatenating raw SQL.

To add an extension to this list, tag it with {{SQL injection alert}}.

Pages in category "Extensions with SQL injection vulnerabilities"

This category contains only the following page.