Lucene search
GoogleOSV:CVE-2020-26121HistorySep 27, 2020 - 9:15 p.m.
CVE-2020-26121
2020-09-2721:15:13
Google
osv.dev
7
fileimporter
mediawiki
security issue
page protection
upload restriction
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against “page creation” and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.
Related
prion
prion
Design/Logic Flaw
2020-09-27 21:15:00
cvelist
cvelist
CVE-2020-26121
2020-09-27 20:08:00
osv
osv
BIT-mediawiki-2020-26121
2024-03-06 11:13:50
redhatcve
redhatcve
CVE-2020-26121
2020-12-02 18:47:24
cve
cve
CVE-2020-26121
2020-09-27 21:15:13
nvd
nvd
CVE-2020-26121
2020-09-27 21:15:13
fedora
fedora
[SECURITY] Fedora 33 Update: php-zordius-lightncandy-1.2.5-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: php-wikimedia-assert-0.5.0-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: mediawiki-1.35.0-1.fc33
2020-12-14 00:59:10
openvas
openvas
Fedora: Security Advisory for mediawiki (FEDORA-2020-a4802c53d9)
2020-12-14 00:00:00
Fedora: Security Advisory for php-oojs-oojs-ui (FEDORA-2020-a4802c53d9)
2020-12-14 00:00:00
nessus
nessus