CVE-2014-1610 in MediaWikiinformação

Sumário

de MITRE

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

19/01/2014

Divulgação

30/01/2014

Moderação

aceite

Entrada

2

Relacionar

mostrar

CPE

pronto

Exploração

Descarregar

EPSS

0.42777

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!