Unrated severityNVD Advisory· Published Apr 4, 2022· Updated Apr 23, 2025

Authentication Bypass Using an Alternate Path or Channel in CreateWiki

CVE-2022-24813

Description

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository.

Affected products

Miraheze/Createwikiv5
Range: < d0ae79843d689832ccac765d6b1721e668d99ab9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/miraheze/CreateWiki/commit/d0ae79843d689832ccac765d6b1721e668d99ab9mitrex_refsource_MISC
github.com/miraheze/CreateWiki/security/advisories/GHSA-9xvw-w66v-prvgmitrex_refsource_CONFIRM
phabricator.miraheze.org/T9018mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000