Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42344
HistoryAug 06, 2023 - 4:15 p.m.

Remote Code Execution (RCE)

2023-08-0616:15:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
remote code execution
mediawiki
file uploads

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.6%

mediawiki is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that MediaWiki handles file uploads. An attacker can exploit this vulnerability to bypass file upload restrictions, which could allow them to upload malicious files to the MediaWiki server.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.6%