CVSS2: 6 Medium
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score: 7.3 High (Confidence: High)
EPSS: 0.083 Low (Percentile: 94.4%)
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html
lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html
lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html
osvdb.org/102630
secunia.com/advisories/56695
secunia.com/advisories/57472
www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
www.debian.org/security/2014/dsa-2891
www.exploit-db.com/exploits/31329/
www.osvdb.org/102631
www.securityfocus.com/bid/65223
www.securitytracker.com/id/1029707
bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
bugzilla.wikimedia.org/show_bug.cgi?id=60339
gerrit.wikimedia.org/r/#/c/110069/
gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
gerrit.wikimedia.org/r/#/c/110215/