CVE-2020-29007

EPSS 17.36% · P95 Updated Feb 07, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-29007

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

LilyPond 代码注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

LilyPond是一套开源的音乐雕版软件。 LilyPond 0.3.0及之前版本存在安全漏洞，该漏洞源于存在远程代码执行漏洞，攻击者利用该漏洞可以通过使用精心制作的数据生成包含恶意代码的乐谱来执行任意Scheme或shell代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-29007

#	POC Description	Source Link	Shenlong Link
1	Remote code execution in Mediawiki Score	https://github.com/seqred-s-a/cve-2020-29007	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-29007

请登录查看更多情报信息。

Same Patch Batch · n/a · 2023-04-15 · 35 CVEs total

CVE-2023-2107	6.3 MEDIUM	IBOS del&op=recycle sql injection
CVE-2015-10101	3.5 LOW	Google Analytics Top Content Widget Plugin class-tgm-plugin-activation.php cross site scri
CVE-2021-43612		lldpd 缓冲区错误漏洞
CVE-2022-43698		Open-Xchange OX App Suite 代码问题漏洞
CVE-2020-17354		LilyPond 安全漏洞
CVE-2021-39295		Intel Integrated Baseboard Management Controller 资源管理错误漏洞
CVE-2021-34337		GNU Mailman 安全漏洞
CVE-2021-30153		MediaWiki 信息泄露漏洞
CVE-2022-47522		SonicWall SonicWave Secure Wireless Access Points 安全漏洞
CVE-2022-45030		rConfig SQL注入漏洞
CVE-2022-43699		Open-Xchange OX App Suite 代码问题漏洞
CVE-2023-24607		Qt 6 安全漏洞
CVE-2023-22670		Siemens Solid Edge 缓冲区错误漏洞
CVE-2023-22669		Siemens Solid Edge 缓冲区错误漏洞
CVE-2022-48178		X2Engine X2CRM 跨站脚本漏洞
CVE-2022-48177		X2Engine X2CRM 跨站脚本漏洞
CVE-2022-43696		Open-Xchange OX App Suite 跨站脚本漏洞
CVE-2022-43697		Open-Xchange OX App Suite 跨站脚本漏洞
CVE-2018-15472		GitLab 安全漏洞
CVE-2018-17449		GitLab 安全漏洞

Showing top 20 of 35 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2020-29007

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-29007

I. Basic Information for CVE-2020-29007

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-29007

III. Intelligence Information for CVE-2020-29007

Same Patch Batch · n/a · 2023-04-15 · 35 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-29007

Leave a comment