CVE-2025-32956

Name of the Vulnerable Software and Affected Versions ManageWiki versions before commit f504ed8

Description The issue is related to SQL injection when renaming a namespace in Special:ManageWiki/namespaces, specifically when using a page prefix with an injection payload. This occurs in ManageWiki, a MediaWiki extension for managing wikis.

Recommendations For versions before commit f504ed8, as a temporary workaround, consider setting $wgManageWiki['namespaces'] = false; to mitigate the risk of SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but it has been patched in commit f504ed8.