MediaWiki thumb.php page Parameter Remote Shell Command Injection

This exploit is Copyright (C) 2007-2017 DSquare Security, LLC.


Description: MediaWiki contains a flaw that is due to the program failing to properly sanitize input passed via the "page" parameter in the thumb.php script. This may allow a remote attack to inject arbitrary shell commands.
Family: Remote Command Execution
Bugtraq ID: BID-65223
CVE ID: CVE-2014-1610
VULNDB ID: VULNDB-102631 VULNDB-102630

Back to Exploits

Share :   Facebook   Twitter   Google+