SQL injection in Cargo via Special:CargoExport_CVE-2025-62655

2.1 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.

Basic Information

ID CVE-2025-62655

Source wikimedia-foundation

Published Oct 17, 2025 at 22:46

Affected Product

Vendor The Wikimedia Foundation

Product MediaWiki Cargo extension

Version 1.39

Affected Versions The Wikimedia Foundation MediaWiki Cargo extension 1.39
The Wikimedia Foundation MediaWiki Cargo extension 1.43
The Wikimedia Foundation MediaWiki Cargo extension 1.44

CWE Classification

CWE-89

References

phabricator.wikimedia.org /T404016

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.",
    "published": "2025-10-17T22:46:28.849Z",
    "modified": "2025-10-17T22:46:28.849Z",
    "type": "cve",
    "title": "SQL injection in Cargo via Special:CargoExport",
    "source": "wikimedia-foundation",
    "references": "https://phabricator.wikimedia.org/T404016",
    "id": "CVE-2025-62655",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "The Wikimedia Foundation MediaWiki Cargo extension 1.39\nThe Wikimedia Foundation MediaWiki Cargo extension 1.43\nThe Wikimedia Foundation MediaWiki Cargo extension 1.44",
    "sourceHref": "",
    "cvss": {
        "score": 2.1,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MediaWiki Cargo extension",
    "version": "1.39",
    "vendor": "The Wikimedia Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}