CVE-2020-35625

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment.

Published: Dec 22, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-35625
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
mediawiki / mediawiki	-	1.35.1.x

https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb
https://phabricator.wikimedia.org/T269718

Vulnerability Database

290,206

CVE-2020-35625