SQL Injection Vulnerability in ManageWiki MediaWiki Extension

CVE-2025-32956

What is CVE-2025-32956?

ManageWiki, a MediaWiki extension for managing wikis, is susceptible to SQL injection when renaming a namespace under certain conditions. This occurs in the Special:ManageWiki/namespaces management feature, particularly when a page prefix is used alongside an injection payload. The vulnerability exists in all versions before commit f504ed8. To mitigate the issue, users can disable namespace management by setting $wgManageWiki['namespaces'] = false;. A patch addressing this vulnerability has been introduced in commit f504ed8, enhancing the security of the extension.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References