MediaWiki

This is a security and bugfix release of MediaWiki 1.15.4 and MediaWiki 1.16 beta 3. Two security vulnerabilities were discovered.

These vulnerabilities are serious and all users are advised to upgrade. Remember that CSRF and XSS vulnerabilities can be used even against firewall-protected intranet installations, as long as the attacker can guess the URL.

More information here.

This book covers how to administer users, back up and restore content safely, migrate your installation to another server or database, and even make hacks to the code. From the installation process to customizing the pages, you will learn what it takes to run a well designed, secure MediaWiki site.

 

This is a security and bugfix release of MediaWiki.

MediaWiki was found to be vulnerable to login CSRF. An attacker who controls a user account on the target wiki can force the victim to log in as the attacker, via a script on an external website. If the wiki is configured to allow user scripts, say with "$wgAllowUserJs = true" in LocalSettings.php, then the attacker can proceed to mount a phishing-style attack against the victim to obtain their password.

Front-end interface screenshot: 
Back-end interface screenshot: 
Presentation: 

MediaWiki is a web-based wiki software application used by all projects of the Wikimedia Foundation, and many other wikis. It is written in the PHP programming language. Originally developed to serve the needs of the free content Wikipedia encyclopedia, today it has also been deployed by companies for internal knowledge management, and as a content management system. Notably, Novell uses it to operate several of its high-traffic websites. As of 2009, more than 2,000 wiki sites used MediaWiki.

MediaWiki is designed to handle a large number of users and pages without imposing too rigid a structure or workflow.

Type: 
Wiki
Latest release: 
1.15.4 - May 28, 2010
License: 
GPL
Available modules and features: 
Articles
Available modules and features: 
Wiki
PHP version required: 
4.x or greater
Database compatibility: 
MySQL
Native language: 
English
Translated To: 
Many (view the CMS website for complete list)
Multilinguage support: 
Yes

User login