Input validation error in MediaWiki
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-1610 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
MediaWiki Web applications / CMS |
| Vendor | MediaWiki.org |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU42094
Risk: Low
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2014-1610
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote #AU# to read and manipulate data.
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
MitigationInstall update from vendor's website.
Vulnerable software versionsMediaWiki: 1.19.0 - 1.22.1
CPE2.3- cpe:2.3:a:mediawiki_org:mediawiki:1.19.10:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki_org:mediawiki:1.22.1:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html
https://osvdb.org/102630
https://secunia.com/advisories/56695
https://secunia.com/advisories/57472
https://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
https://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
https://www.debian.org/security/2014/dsa-2891
https://www.exploit-db.com/exploits/31329/
https://www.osvdb.org/102631
https://www.securityfocus.com/bid/65223
https://www.securitytracker.com/id/1029707
https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
https://gerrit.wikimedia.org/r/#/c/110069/
https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
https://gerrit.wikimedia.org/r/#/c/110215/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
