CVE-2013-2114 — Unrestricted File Upload in Mediawiki

9 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

1.4%

top 19.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedNov 18

Latest updateMay 17

Description

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.19.7+dfsg-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.19.7+dfsg-1+3

▶NVDmediawiki/mediawiki13 versions+12

Patches

Patch: lists.wikimedia.org ↗Patch: bugzilla.wikimedia.org ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-3mhg-j5fx-98c7: Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1↗2022-05-17

▶

OSV

CVE-2013-2114: Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1↗2013-11-18

▶

📋Vendor Advisories

Debian

CVE-2013-2114: mediawiki - Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19...↗2013

▶

💬Community

Bugzilla

CVE-2013-2114 mediawiki: security releases 1.20.6 and 1.19.7 [epel-6]↗2013-05-24

▶

Bugzilla

CVE-2013-2114 mediawiki: security releases 1.20.6 and 1.19.7 [epel-5]↗2013-05-24

▶

Bugzilla

CVE-2013-2114 mediawiki: security releases 1.20.6 and 1.19.7 [epel-all]↗2013-05-24

▶

Bugzilla

CVE-2013-2114 mediawiki: security releases 1.20.6 and 1.19.7↗2013-05-24

▶

Bugzilla

CVE-2013-2114 mediawiki: security releases 1.20.6 and 1.19.7 [fedora-all]↗2013-05-24

▶