CVE-2014-1610

NONECVSS 0.0

0.0

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

🔗 References (38)

cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html
cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html
cve@mitrehttp://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html
cve@mitrehttp://osvdb.org/102630
cve@mitrehttp://secunia.com/advisories/56695
cve@mitrehttp://secunia.com/advisories/57472
cve@mitrehttp://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
cve@mitrehttp://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
cve@mitrehttp://www.debian.org/security/2014/dsa-2891
cve@mitrehttp://www.exploit-db.com/exploits/31329/
cve@mitrehttp://www.osvdb.org/102631
cve@mitrehttp://www.securityfocus.com/bid/65223
cve@mitrehttp://www.securitytracker.com/id/1029707
cve@mitrehttps://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
cve@mitrehttps://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff

Is Your Infrastructure Affected by CVE-2014-1610?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2014-1610

📅 Published

🔄 Last Modified

🔗 References (38)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2014-1610?