SQL Injection in The Wikimedia Foundation Mediawiki Cargo Extension

CVE-2025-62655

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.

Vulnerability class: SQL Injection

EPSS: 0.002 (16.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References