CVE-2014-1610 in MediaWikiالمعلومات

الملخص

بحسب MITRE

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

حجز

19/01/2014

إفشاء

30/01/2014

الاعتدال

تمت الموافقة

إدخال

2

ربط

عرض

استغلال

تحميل

EPSS

0.42777

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to know what is going to be exploited?

We predict KEV entries!