SQL Injection in The Wikimedia Foundation Mediawiki Cargo Extension
CVE-2025-62655
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.
Vulnerability class: SQL Injection
EPSS: 0.002 (16.0th percentile) — read the EPSS interpretation.
Affected products
- The Wikimedia Foundation Mediawiki Cargo Extension — versions 1.39, 1.43, 1.44