ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`.
References
Link | Resource |
---|---|
https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9 | Patch |
https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7 | Vendor Advisory Mitigation |
https://www.vicarius.io/vsociety/posts/cve-2025-32956-detect-mediawiki-vulnerability | Exploit Third Party Advisory |
https://www.vicarius.io/vsociety/posts/cve-2025-32956-mitigate-mediawiki-vulnerability | Exploit Mitigation Third Party Advisory |
Configurations
History
19 Sep 2025, 15:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9 - Patch | |
References | () https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7 - Vendor Advisory, Mitigation | |
References | () https://www.vicarius.io/vsociety/posts/cve-2025-32956-detect-mediawiki-vulnerability - Exploit, Third Party Advisory | |
References | () https://www.vicarius.io/vsociety/posts/cve-2025-32956-mitigate-mediawiki-vulnerability - Exploit, Mitigation, Third Party Advisory | |
CPE | cpe:2.3:a:miraheze:managewiki:*:*:*:*:*:*:*:* | |
First Time |
Miraheze managewiki
Miraheze |
12 May 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Apr 2025, 14:08
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Apr 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-21 21:15
Updated : 2025-09-19 15:47
NVD link : CVE-2025-32956
Mitre link : CVE-2025-32956
CVE.ORG link : CVE-2025-32956
JSON object : View
Products Affected
miraheze
- managewiki
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')