Wikimedia MediaWiki Springboard Extension Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in the Springboard extension for MediaWiki, specifically in the master branch. Because the Springboard API does not properly validate its parameters, attacker-controlled values reach a server-side command line, allowing remote code execution (RCE). The flaw can be exploited by anyone with access to the wiki's API.
Impact
Exploitation of this vulnerability allows for unauthenticated remote code execution on the server where MediaWiki is hosted.
Reproduction
The vulnerability can be reproduced by sending a request to the Springboard API with a malicious payload in any of the sbname, sbtype, sbbranch, sbrepo, sbcommit, or sbaction parameters. The payload is executed on the server, resulting in remote code execution.
Remediation
The Springboard API has been updated to validate its parameters and to restrict access to users holding the 'springboard' permission. However, the 'delete' function in the SpringboardAPI remains a potential weakness: it is currently never called, but it could be exploited if it were wired up to a reachable action.
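The following is an added example, not code from the Springboard extension (which is written in PHP); it sketches in Python the two controls the remediation describes, a 'springboard' permission gate and strict per-parameter validation, for the six API parameters named above. The allowlist patterns, the git commands, the parameter requirements and the sample request values are assumptions made for illustration. It also shows why validation matters even once the shell is out of the picture: values are passed as an argv list rather than a shell string, and values beginning with '-' are rejected so they cannot be read as git options.

```python
import re
import shlex
import subprocess
from typing import Dict, List, Set

# Per-parameter allowlists for the six Springboard API parameters named in the
# advisory. The exact rules are an assumption for this example; the point is that
# every value must match a strict pattern before it reaches a command line, and
# nothing that begins with '-' can be mistaken for a command-line option.
PARAM_RULES: Dict[str, re.Pattern] = {
    "sbname":   re.compile(r"^[A-Za-z][A-Za-z0-9_-]{0,63}$"),
    "sbtype":   re.compile(r"^(extension|skin)$"),          # assumed enumeration
    "sbbranch": re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,127}$"),
    "sbrepo":   re.compile(r"^https://[A-Za-z0-9.-]+/[A-Za-z0-9._/-]+$"),
    "sbcommit": re.compile(r"^[0-9a-f]{7,40}$"),
    "sbaction": re.compile(r"^(create|update)$"),           # 'delete' deliberately not exposed
}
REQUIRED = ("sbname", "sbtype", "sbbranch", "sbrepo", "sbaction")  # sbcommit is optional here


class SpringboardRequestError(ValueError):
    """Raised when a request is rejected before any command is built."""


def check_permission(user_rights: Set[str]) -> None:
    """Gate the API on the 'springboard' right, as the remediation describes."""
    if "springboard" not in user_rights:
        raise PermissionError("user lacks the 'springboard' right")


def validate_params(params: Dict[str, str]) -> Dict[str, str]:
    """Reject unknown, missing or non-conforming parameters; return a clean copy."""
    unknown = set(params) - set(PARAM_RULES)
    if unknown:
        raise SpringboardRequestError(f"unknown parameter(s): {sorted(unknown)}")
    missing = [k for k in REQUIRED if k not in params]
    if missing:
        raise SpringboardRequestError(f"missing parameter(s): {missing}")
    for key, value in params.items():
        if not isinstance(value, str) or not PARAM_RULES[key].fullmatch(value):
            raise SpringboardRequestError(f"parameter {key!r} failed validation")
    return dict(params)


def legacy_shell_command(params: Dict[str, str]) -> str:
    """The pre-fix pattern the advisory describes: raw values interpolated into one
    string handed to a shell. Shown only to make the risk visible; never executed here."""
    return f"git clone --branch {params['sbbranch']} {params['sbrepo']} {params['sbname']}"


def build_commands(params: Dict[str, str]) -> List[List[str]]:
    """Build argv lists (no shell). The '--' ends option parsing so the validated
    repo and name can never be interpreted as git options."""
    cmds = [["git", "clone", "--branch", params["sbbranch"], "--",
             params["sbrepo"], params["sbname"]]]
    if "sbcommit" in params:
        cmds.append(["git", "-C", params["sbname"], "checkout", "--detach", params["sbcommit"]])
    return cmds


def handle_request(user_rights: Set[str], params: Dict[str, str],
                   execute: bool = False) -> List[str]:
    """Permission check, then validation, then argv construction. Returns the
    commands rendered for logging; runs them only when execute=True."""
    check_permission(user_rights)
    clean = validate_params(params)
    commands = build_commands(clean)
    if execute:
        for argv in commands:
            subprocess.run(argv, check=True)  # list argv, shell=False: values are never shell-parsed
    return [shlex.join(argv) for argv in commands]


if __name__ == "__main__":
    # Constructed sample request; the host name and right set are placeholders.
    rights = {"read", "edit", "springboard"}
    good = {"sbname": "MyExt", "sbtype": "extension", "sbbranch": "main",
            "sbrepo": "https://example.invalid/wiki/MyExt", "sbaction": "create"}
    print("accepted:", handle_request(rights, good))
    bad = dict(good, sbbranch="main;echo injected")
    print("legacy string would have been:", legacy_shell_command(bad))
    try:
        handle_request(rights, bad)
    except SpringboardRequestError as err:
        print("rejected:", err)
```

The ordering inside handle_request is deliberate: the permission check runs before any parameter is inspected, so an unauthenticated caller never reaches the validation or command-building code. Note that argv lists alone do not close the hole; without the leading-character rule and the `--` separator, a value such as a branch name starting with `-` could still be consumed by git as an option.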
