| Field | Value |
|---|---|
| Vulnerability Name | CVE-2014-1610 (CCN-90808) |
| Assigned | 2014-01-28 |
| Published | 2014-01-28 |
| Updated | 2016-05-25 |
| Summary | MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php. |
| CVSS v3 Severity | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P); 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C); 5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C) |
| Vulnerability Type | CWE-20 |
| Vulnerability Consequences | Gain Access |
| Vulnerable Configuration | Configuration 1; Configuration CCN 1 |
| Oval Definitions | |

References:

- Source: MITRE; Type: CNA; CVE-2014-1610
- Source: FEDORA; Type: UNKNOWN; FEDORA-2014-1802
- Source: FEDORA; Type: UNKNOWN; FEDORA-2014-1745
- Source: CCN; Type: MediaWiki Mailing List, Tue Jan 28 21:27:50 UTC 2014; MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11
- Source: MLIST; Type: Vendor Advisory; [MediaWiki-announce] 20140128 MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11
- Source: OSVDB; Type: UNKNOWN; 102630
- Source: CCN; Type: SA56695; MediaWiki Two Code Execution Vulnerabilities
- Source: SECUNIA; Type: Vendor Advisory; 56695
- Source: SECUNIA; Type: UNKNOWN; 57472
- Source: MISC; Type: UNKNOWN; http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
- Source: MISC; Type: UNKNOWN; http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
- Source: DEBIAN; Type: UNKNOWN; DSA-2891
- Source: EXPLOIT-DB; Type: UNKNOWN; 31329
- Source: CCN; Type: MediaWiki Web site; MediaWiki
- Source: OSVDB; Type: UNKNOWN; 102631
- Source: BID; Type: UNKNOWN; 65223
- Source: CCN; Type: BID-65223; MediaWiki Multiple Remote Code Execution Vulnerabilities
- Source: SECTRACK; Type: UNKNOWN; 1029707
- Source: MISC; Type: UNKNOWN; https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
- Source: MISC; Type: UNKNOWN; https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
- Source: CONFIRM; Type: UNKNOWN; https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
- Source: XF; Type: UNKNOWN; mediawiki-cve20141610-code-exec(90808)
- Source: MISC; Type: Vendor Advisory; https://gerrit.wikimedia.org/r/#/c/110069/
- Source: MISC; Type: UNKNOWN; https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
- Source: MISC; Type: UNKNOWN; https://gerrit.wikimedia.org/r/#/c/110215/
- Source: CCN; Type: Packet Storm Security [02-03-2014]; MediaWiki 1.22.1 PdfHandler Remote Code Execution
- Source: CCN; Type: Packet Storm Security [02-19-2014]; MediaWiki Thumb.php Remote Command Execution
- Source: EXPLOIT-DB; Type: EXPLOIT; Offensive Security Exploit Database [02-01-2014]
- Source: EXPLOIT-DB; Type: EXPLOIT; Offensive Security Exploit Database [02-19-2014]
- Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2014-1610