Lucene search

K

MitreCVELIST:CVE-2014-1610

HistoryJan 30, 2014 - 11:00 p.m.

CVE-2014-1610

2014-01-3023:00:00

mitre

www.cve.org

7 High

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

References

lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html

lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html

osvdb.org/102630

secunia.com/advisories/56695

secunia.com/advisories/57472

www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html

www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html

www.debian.org/security/2014/dsa-2891

www.exploit-db.com/exploits/31329/

www.osvdb.org/102631

www.securityfocus.com/bid/65223

www.securitytracker.com/id/1029707

bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff

bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff

bugzilla.wikimedia.org/show_bug.cgi?id=60339

gerrit.wikimedia.org/r/#/c/110069/

gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php

gerrit.wikimedia.org/r/#/c/110215/

7 High

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

Related for CVELIST:CVE-2014-1610

zdt3 nessus7 seebug2 packetstorm2 nvd1 prion1 ubuntucve1 checkpoint_advisories1 dsquare1 thn1 exploitpack1 cve1 metasploit1 debiancve1 exploitdb2 openvas31 fedora23 mageia1 securityvulns2 debian3 osv1 gentoo1