← back
CVE-2014-1610

CVE-2014-1610

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 43%
from disclosure to weapon2 days
Published on NVDJan 30
1st PoC+2d
metasploitJan 28
exploitation probability
43%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.