Login Sign Up

CVE-2020-19278

8.8 HIGH
Remote Code Execution Authentication Bypass CSRF

📋 TL;DR

CVE-2020-19278 is a Cross-Site Request Forgery (CSRF) vulnerability in Phachon mm-wiki v0.1.2 that allows attackers to trick authenticated users into executing unauthorized actions. This can lead to arbitrary code execution via the system/user/save parameter. Organizations running mm-wiki v0.1.2 are affected.

💻 Affected Systems

Products:
  • Phachon mm-wiki
Versions: v0.1.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects mm-wiki v0.1.2; requires authenticated user sessions for exploitation.

📦 What is this software?

Mm Wiki by Mm Wiki Project

View all CVEs affecting Mm Wiki →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains full system control through arbitrary code execution, potentially compromising the entire server and data.

🟠

Likely Case

Attacker modifies user accounts, escalates privileges, or executes limited commands through authenticated user sessions.

🟢

If Mitigated

With proper CSRF protections, exploitation requires additional social engineering and may only affect individual user sessions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking authenticated users into visiting malicious pages; proof-of-concept available in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.1.3 or later

Vendor Advisory: https://github.com/phachon/mm-wiki/issues/68

Restart Required: Yes

Instructions:

1. Backup your mm-wiki data and configuration. 2. Download and install mm-wiki v0.1.3 or later from GitHub. 3. Replace the existing installation with the new version. 4. Restart the mm-wiki service.

🔧 Temporary Workarounds

Implement CSRF Tokens

all

Add CSRF protection tokens to all forms and validate them server-side.

Restrict Access

linux

Limit mm-wiki access to trusted networks using firewall rules.

iptables -A INPUT -p tcp --dport [mm-wiki-port] -s [trusted-ip-range] -j ACCEPT
iptables -A INPUT -p tcp --dport [mm-wiki-port] -j DROP

🧯 If You Can't Patch

  • Deploy a web application firewall (WAF) with CSRF protection rules.
  • Monitor and audit all user/save parameter requests for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check mm-wiki version in admin panel or configuration files; if version is exactly 0.1.2, system is vulnerable.

Check Version:

grep -r 'version' /path/to/mm-wiki/config/ or check web interface admin panel

Verify Fix Applied:

Verify version is 0.1.3 or higher and test CSRF protection by attempting to submit forms without valid tokens.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to system/user/save from unusual IPs
  • User account modifications without corresponding user actions

Network Indicators:

  • Unusual HTTP POST traffic to system/user/save endpoint
  • Requests lacking Referer headers or CSRF tokens

SIEM Query:

source="mm-wiki.log" AND (uri="/system/user/save" AND method="POST") | stats count by src_ip

📊 Metadata

CVE ID: CVE-2020-19278
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-352
Published: April 4, 2023
Last Updated: February 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-19278, you might also want to check these:

CVE-2025-23922 10.0

A Cross-Site Request Forgery (CSRF) vulnerability in the Harsh iSpring Embedder WordPress plugin all...

Same vulnerability type (CWE-352)
CVE-2020-23426 9.8

CVE-2020-23426 is a privilege escalation vulnerability in zzcms 201910 that allows attackers to gain...

Same vulnerability type (CWE-352)
CVE-2024-33449 9.8

This SSRF vulnerability in PDFMyURL allows attackers to make the service send requests to internal s...

Same vulnerability type (CWE-352)