Search for vulnerabilities
Vulnerability details: VCID-b2rj-mwkb-k7e4
Vulnerability ID VCID-b2rj-mwkb-k7e4
Aliases CVE-2019-19709
GHSA-pjv5-vv93-p648
Summary Possible to circumvent title-blacklist MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
System Score Found at
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2019-19709
cvssv3.1 6.1 https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
generic_textual MODERATE https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
cvssv3.1 6.1 https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml
cvssv3.1 6.1 https://github.com/wikimedia/mediawiki
generic_textual MODERATE https://github.com/wikimedia/mediawiki
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-19709
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-19709
cvssv3.1 6.1 https://phabricator.wikimedia.org/T239466
generic_textual MODERATE https://phabricator.wikimedia.org/T239466
cvssv3.1 6.1 https://seclists.org/bugtraq/2019/Dec/48
generic_textual MODERATE https://seclists.org/bugtraq/2019/Dec/48
cvssv3.1 6.1 https://www.debian.org/security/2019/dsa-4592
generic_textual MODERATE https://www.debian.org/security/2019/dsa-4592
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-19709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709
https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml
https://github.com/wikimedia/mediawiki
https://nvd.nist.gov/vuln/detail/CVE-2019-19709
https://phabricator.wikimedia.org/T239466
https://seclists.org/bugtraq/2019/Dec/48
https://www.debian.org/security/2019/dsa-4592
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/wikimedia/mediawiki
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19709
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://phabricator.wikimedia.org/T239466
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://seclists.org/bugtraq/2019/Dec/48
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.debian.org/security/2019/dsa-4592
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.53978
EPSS Score 0.00315
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:28:00.437479+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pjv5-vv93-p648/GHSA-pjv5-vv93-p648.json 36.1.3