Main Vulnerability Database Vulnerabilities #VU42368

Input validation error in MediaWiki - CVE-2013-2114

Published: November 18, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42368

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-2114

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: MediaWiki.org

Affected software:
MediaWiki

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html

How to mitigate CVE-2013-2114

Install update from vendor's website.

Input validation error in MediaWiki - CVE-2013-2114

Detailed vulnerability description

How to mitigate CVE-2013-2114

Sources

Please verify you're human