PT-2020-16300 · Wikimedia+1 · Mediawiki+2
Cptviraj · Published 2020-09-27 · Updated 2024-03-06 · CVE-2020-26121
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.34.4
FileImporter extension for MediaWiki versions prior to 1.34.4
Description
An issue in the FileImporter extension allows an attacker to import a file into a protected page, bypassing "page creation" restrictions. This occurs due to a mishandled distinction between upload and create restrictions. The attacker cannot overwrite existing content but can force a wiki to have a page with a disallowed title.
Recommendations
For MediaWiki versions prior to 1.34.4, update to version 1.34.4 or later to resolve the issue.
For the FileImporter extension, update to a version compatible with MediaWiki 1.34.4 or later to fix the problem.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Fileimporter Extension
Mediawiki