PT-2023-11773 · Mediawiki · The Score Extension

Maciej Miszczyk

Published

2023-04-15

Updated

2023-04-26

CVE-2020-29007

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Score extension for MediaWiki versions through 0.3.0

Description The issue is related to improper sandboxing of the GNU LilyPond executable, leading to a remote code execution vulnerability. This vulnerability allows any user with the ability to edit articles, potentially including unauthenticated anonymous users, to execute arbitrary Scheme or shell code. The exploitation occurs through crafted {{Image data used to generate musical scores containing malicious code.

Recommendations For The Score extension for MediaWiki versions through 0.3.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-29007

Affected Products

The Score Extension

PT-2023-11773 · Mediawiki · The Score Extension

CVE-2020-29007

Weakness Enumeration

Related Identifiers

Affected Products

References · 8