Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2014-1610 | First vendor Publication | 2014-01-30 |
| Vendor | Cve | Last vendor Modification | 2016-05-25 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2014-02-19 | MediaWiki Thumb.php Remote Command Execution |
| 2014-02-01 | MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit (CVE-2014-1610) |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-03-06 | Mediawiki DjVu and PDF handling code execution attempt RuleID : 29582 - Revision : 4 - Type : SERVER-OTHER |
Metasploit Database
| id | Description |
|---|---|
| 2014-01-28 | MediaWiki Thumb.php Remote Command Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-02-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-04.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2891.nasl - Type : ACT_GATHER_INFO |
| 2014-03-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-057.nasl - Type : ACT_GATHER_INFO |
| 2014-02-21 | Name : The remote web server contains an application that is affected by a remote co... File : mediawiki_thumb_rce.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
| 2014-02-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1745.nasl - Type : ACT_GATHER_INFO |
| 2014-02-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1802.nasl - Type : ACT_GATHER_INFO |
| 2014-01-30 | Name : The remote web server contains an application that is affected by multiple re... File : mediawiki_1_19_11.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:30:08 |
|
| 2021-04-22 01:36:20 |
|
| 2020-05-23 13:17:04 |
|
| 2020-05-23 00:40:04 |
|
| 2016-05-25 21:26:41 |
|
| 2016-05-12 09:23:15 |
|
| 2016-04-27 00:16:23 |
|
| 2016-03-01 17:24:00 |
|
| 2016-03-01 13:24:26 |
|
| 2015-02-10 13:24:05 |
|
| 2014-04-19 13:24:32 |
|
| 2014-04-01 14:39:27 |
|
| 2014-03-15 13:21:34 |
|
| 2014-03-06 21:20:51 |
|
| 2014-03-06 13:25:06 |
|
| 2014-02-22 13:20:54 |
|
| 2014-02-21 13:23:48 |
|
| 2014-02-20 17:19:09 |
|
| 2014-02-19 05:19:01 |
|
| 2014-02-17 11:25:15 |
|
| 2014-02-07 13:21:46 |
|
| 2014-02-02 17:18:46 |
|
| 2014-01-31 21:21:30 |
|
| 2014-01-31 13:19:42 |
|
