Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MediaWiki 安全漏洞
Vulnerability Description
MediaWiki是美国MediaWiki(维基媒体)基金会的一套自由免费的基于网络的Wiki引擎。该产品可用于部署内部的知识管理和内容管理系统。 MediaWiki 1.35.1版本及之前版本存在安全漏洞,该漏洞源于Widgets extension任何有能力在小部件命名空间中编辑页面的用户都可以通过一个与Smarty模板相关的HTML注释调用任何类(在PHP或MediaWiki中定义)中的任何静态函数。
CVSS Information
N/A
Vulnerability Type
N/A