Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-35625

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment.

Published

2020-12-21T23:15:12.530

Last Modified

2024-11-21T05:27:43.503

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mediawiki	mediawiki	≤ 1.35.1	Yes

References

https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb Third Party Advisory ([email protected])
https://phabricator.wikimedia.org/T269718 Third Party Advisory ([email protected])
https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://phabricator.wikimedia.org/T269718 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)