CVE-2024-34506

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.

Published: May 5, 2024
Updated: Jun 18, 2025
CVE: CVE-2024-34506
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mediawiki / mediawiki	1.41.0	1.41.1
mediawiki / mediawiki	-	1.39.7
mediawiki / mediawiki	1.40.0	1.40.3
fedoraproject / fedora	40	40.x

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
https://phabricator.wikimedia.org/T357760

Vulnerability Database

289,697

CVE-2024-34506