Detections
Analytics
CVE-2014-1610
critical
Description
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
References
https://gerrit.wikimedia.org/r/#/c/110215/
https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
https://gerrit.wikimedia.org/r/#/c/110069/
https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
http://www.securitytracker.com/id/1029707
http://www.securityfocus.com/bid/65223
http://www.exploit-db.com/exploits/31329/
http://www.debian.org/security/2014/dsa-2891
http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
http://secunia.com/advisories/57472
http://secunia.com/advisories/56695
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html