Back to search
CVE-2020-26121
Published: Sep 27, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://phabricator.wikimedia.org/T262628
x_refsource_MISC
FEDORA-2020-a4802c53d9
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now