CVE-2014-1610

Published: Jan 30, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

31329 (exploit, x_refsource_EXPLOIT-DB)
57472 (third-party-advisory, x_refsource_SECUNIA)
DSA-2891 (vendor-advisory, x_refsource_DEBIAN)
1029707 (vdb-entry, x_refsource_SECTRACK)
65223 (vdb-entry, x_refsource_BID)
FEDORA-2014-1802 (vendor-advisory, x_refsource_FEDORA)
102631 (vdb-entry, x_refsource_OSVDB)
56695 (third-party-advisory, x_refsource_SECUNIA)
102630 (vdb-entry, x_refsource_OSVDB)
FEDORA-2014-1745 (vendor-advisory, x_refsource_FEDORA)
