Remote Code Execution Vulnerability in MediaWiki PandocUpload Extension - CVE-2023-35333ID: oval:org.secpod.oval:def:90932 | Date: (C)2023-07-13 (M)2023-11-10 |
Class: VULNERABILITY | Family: unix |
MediaWiki PandocUpload Extension Remote Code Execution Vulnerability. An authenticated attacker could exploit this vulnerability by uploading a file with the destination name as a malicious payload due to shell arguments not being properly escaped. When successfully exploited this could allow the malicious actor to perform remote code execution.
Product: |
MediaWiki PandocUpload Extension |