Category:Extensions with SQL injection vulnerabilities
Administrators, please do not delete this category! This is a maintenance category which sometimes contains pages that are in need of attention. If the category is empty then this is a good thing. |
These extensions are known to contain SQL injection attack vulnerabilities, because it passes user input directly into SQL commands.
This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things.
It is advised that these extensions are updated to make proper use of MediaWiki's database class instead of concatenating raw SQL.
To add an extension to this list, tag it with {{SQL injection alert }}.
This category currently contains no pages or media.