PT-2026-54933 · Wikimedia Foundation · Time-Line-
Published
2026-07-01
·
Updated
2026-07-01
·
CVE-2026-8857
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Wikimedia Foundation timeline versions prior to 1.46.0
Wikimedia Foundation timeline versions prior to 1.45.4
Wikimedia Foundation timeline versions prior to 1.44.6
Wikimedia Foundation timeline versions prior to 1.43.9
Description
An issue exists in the Wikimedia Foundation timeline associated with the program files
scripts/EasyTimeline.Pl and includes/Timeline.Php that allows for Remote Code Execution (RCE), a state where an attacker can execute arbitrary commands on the host machine.Recommendations
Update to version 1.46.0 or later.
Update to version 1.45.4 or later.
Update to version 1.44.6 or later.
Update to version 1.43.9 or later.
As a temporary mitigation, restrict access to the
scripts/EasyTimeline.Pl and includes/Timeline.Php files.Exploit
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Time-Line-