6 matches found
CVE-2020-29007
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles potentially including unauthenticated anonymous users to execute arbitrary Scheme or shell cod...
CVE-2020-29007
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles potentially including unauthenticated anonymous users to execute arbitrary Scheme or shell cod...
Remote code execution
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles potentially including unauthenticated anonymous users to execute arbitrary Scheme or shell cod...
CVE-2020-29007
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles potentially including unauthenticated anonymous users to execute arbitrary Scheme or shell cod...
CVE-2020-29007
The CVE-2020-29007 entry concerns MediaWiki’s Score extension up to version 0.3.0, where the vulnerability arises from improper sandboxing of the GNU LilyPond executable. This allows any user with article-edit capability—potentially unauthenticated users—to trigger remote code execution by crafti...
CVE-2020-29007
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles potentially including unauthenticated anonymous users to execute arbitrary Scheme or shell cod...