Vulnerability Details: CVE-2014-1610
Public exploit exists!
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
Vulnerability category: Input validation
Products affected by CVE-2014-1610
- cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1610
- EPSS score: 6.25% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (the proportion of vulnerabilities that are scored at or below this score)
Metasploit modules for CVE-2014-1610
- MediaWiki Thumb.php Remote Command Execution
  Disclosure Date: 2014-01-28
  First seen: 2020-04-26
  exploit/multi/http/mediawiki_thumb
  MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote unauthenticated users to execute arbitrary commands via shell metacharacters. If no target file is specified this module will atte
CVSS scores for CVE-2014-1610
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
CWE ids for CVE-2014-1610
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1610
- https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
  ⚓ T62339 Reported RCE in djvu thumbnailing
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html
  [SECURITY] Fedora 19 Update: mediawiki-1.21.5-1.fc19
- http://www.securitytracker.com/id/1029707
  MediaWiki Input Validation Flaws Let Remote Authenticated Users Execute Arbitrary Shell Commands - SecurityTracker
- http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
  THREATCLOUD INTELLIGENCE
- https://gerrit.wikimedia.org/r/#/c/110215/
  Change Id124281d: SECURITY: Sanitize shell command args | gerrit.wikimedia Code Review
- http://www.exploit-db.com/exploits/31329/
  MediaWiki 1.22.1 PdfHandler - Remote Code Execution - Multiple webapps Exploit
- https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
  Bitmap.php | gerrit.wikimedia Code Review
- http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
  cpai-26-jan | Check Point Software
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html
  [MediaWiki-announce] MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11 (Vendor Advisory)
- http://www.securityfocus.com/bid/65223
  MediaWiki Multiple Remote Code Execution Vulnerabilities
- https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
- http://www.debian.org/security/2014/dsa-2891
  Debian -- Security Information -- DSA-2891-1 mediawiki, mediawiki-extensions
- https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
- https://gerrit.wikimedia.org/r/#/c/110069/
  Change Id124281d: SECURITY: Sanitize shell command args | gerrit.wikimedia Code Review (Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html
  [SECURITY] Fedora 20 Update: mediawiki-1.21.5-1.fc20