CVE-2020-35625

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MediaWiki versions through 1.35.1 Widgets extension for MediaWiki versions through 1.35.1

Description An issue was discovered in the Widgets extension for MediaWiki, where any user with the ability to edit pages within the Widgets namespace could call any static function within any class via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use MediaWikiShellShell::command within a comment.

Recommendations For MediaWiki versions through 1.35.1, consider restricting access to the Widgets namespace to prevent exploitation. For the Widgets extension, as a temporary workaround, consider disabling the ability to edit pages within the Widgets namespace until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

ALT-PU-2021-1712

ALT-PU-2021-2069

ALT-PU-2021-2091

ALT-PU-2021-2092

BIT-MEDIAWIKI-2020-35625

CVE-2020-35625

Affected Products

Alt Linux

Mediawiki

Widgets Extension

CVE-2020-35625

Weakness Enumeration

Related Identifiers

Affected Products

References · 6