ID:4043 - Exploit for Input validation error in MediaWiki - CVE-2014-1610

 

Published: August 11, 2020


Vulnerability identifier: #VU42094
Vulnerability risk: Low
CVE-ID: CVE-2014-1610
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
MediaWiki

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to read and manipulate data.

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
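
To check whether a wiki was probed through the two request parameters named above, web server logs can be searched for `thumb.php` requests whose `w` or `page` value is not a plain integer. The Python example below is added here and is not part of the original advisory or of MediaWiki; the combined log format, the `/w/thumb.php` path, the `width` alias for `w` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names; "width" is assumed to be the long form of "w".
NUMERIC_PARAMS = {"w", "width", "page"}
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A legitimate width or page number is a short run of ASCII digits.
PLAIN_INT = re.compile(r"[0-9]{1,5}")

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for thumb.php params that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/thumb.php"):
        return []
    # parse_qsl percent-decodes, so encoded metacharacters are compared in clear form.
    return [(name, value)
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in NUMERIC_PARAMS and not PLAIN_INT.fullmatch(value)]

def scan(lines):
    """Return [(line_number, client_ip, hits)] for every line with a finding."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            findings.append((n, line.split(" ", 1)[0], hits))
    return findings

# Constructed sample log lines (documentation IP ranges, harmless placeholder values).
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Jan/2014:10:00:01 +0000] "GET /w/thumb.php?f=Manual.pdf&w=300&page=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/Jan/2014:10:00:07 +0000] "GET /w/thumb.php?f=Manual.pdf&w=300%7Cx HTTP/1.1" 500 312',
    '203.0.113.9 - - [30/Jan/2014:10:00:09 +0000] "GET /w/thumb.php?f=Scan.djvu&w=200&page=1%3By HTTP/1.1" 500 312',
    '198.51.100.2 - - [30/Jan/2014:10:01:00 +0000] "GET /w/index.php?title=Main_Page&page=a HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for line_no, client, hits in scan(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent non-numeric {hits}")
```

A finding only shows that a non-numeric value was sent; whether the request had any effect depends on the installed MediaWiki version and on whether DjVu or PDF upload support was enabled.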


Remediation

Install the update from the vendor's website.