CVE-2025-62655

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.

Affected Software

VendorProductVersion RangeStatus
The Wikimedia FoundationMediaWiki Cargo extension1.39affected
The Wikimedia FoundationMediaWiki Cargo extension1.43affected
The Wikimedia FoundationMediaWiki Cargo extension1.44affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References