Improper Neutralization of Special Elements used in an... · CVE-2025-62655 · GitHub Advisory Database · GitHub

Improper Neutralization of Special Elements used in an...

Low severity Unreviewed Published Oct 18, 2025 to the GitHub Advisory Database • Updated Oct 18, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.

References

Published by the National Vulnerability Database

Oct 17, 2025

Published to the GitHub Advisory Database Oct 18, 2025

Last updated Oct 18, 2025

Severity

Low

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity High

Attack Requirements Present

Privileges Required Low

User interaction Passive

Vulnerable System Impact Metrics

Confidentiality Low

Integrity Low

Availability Low

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber