Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2014-1610 | First vendor Publication | 2014-01-30 |
Vendor | Cve | Last vendor Modification | 2016-05-25 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
ExploitDB Exploits
Date | Description |
---|---|
2014-02-19 | MediaWiki Thumb.php Remote Command Execution |
2014-02-01 | MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit (CVE-2014-1610) |
Snort® IPS/IDS
Date | Description |
---|---|
2014-03-06 | Mediawiki DjVu and PDF handling code execution attempt RuleID : 29582 - Revision : 4 - Type : SERVER-OTHER |
Metasploit Database
Date | Description |
---|---|
2014-01-28 | MediaWiki Thumb.php Remote Command Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-02-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-04.nasl - Type : ACT_GATHER_INFO |
2014-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2891.nasl - Type : ACT_GATHER_INFO |
2014-03-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-057.nasl - Type : ACT_GATHER_INFO |
2014-02-21 | Name : The remote web server contains an application that is affected by a remote co... File : mediawiki_thumb_rce.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
2014-02-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1745.nasl - Type : ACT_GATHER_INFO |
2014-02-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1802.nasl - Type : ACT_GATHER_INFO |
2014-01-30 | Name : The remote web server contains an application that is affected by multiple re... File : mediawiki_1_19_11.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:30:08 | |
2021-04-22 01:36:20 | |
2020-05-23 13:17:04 | |
2020-05-23 00:40:04 | |
2016-05-25 21:26:41 | |
2016-05-12 09:23:15 | |
2016-04-27 00:16:23 | |
2016-03-01 17:24:00 | |
2016-03-01 13:24:26 | |
2015-02-10 13:24:05 | |
2014-04-19 13:24:32 | |
2014-04-01 14:39:27 | |
2014-03-15 13:21:34 | |
2014-03-06 21:20:51 | |
2014-03-06 13:25:06 | |
2014-02-22 13:20:54 | |
2014-02-21 13:23:48 | |
2014-02-20 17:19:09 | |
2014-02-19 05:19:01 | |
2014-02-17 11:25:15 | |
2014-02-07 13:21:46 | |
2014-02-02 17:18:46 | |
2014-01-31 21:21:30 | |
2014-01-31 13:19:42 | |