Vulnerability Description
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | 1.19 |
References
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.htmlPatch
- http://secunia.com/advisories/55433Vendor Advisory
- http://security.gentoo.org/glsa/glsa-201310-21.xml
- http://www.openwall.com/lists/oss-security/2013/05/24/3
- https://bugzilla.wikimedia.org/show_bug.cgi?id=48306Patch
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.htmlPatch
- http://secunia.com/advisories/55433Vendor Advisory
- http://security.gentoo.org/glsa/glsa-201310-21.xml
- http://www.openwall.com/lists/oss-security/2013/05/24/3
- https://bugzilla.wikimedia.org/show_bug.cgi?id=48306Patch
FAQ
What is CVE-2013-2114?
CVE-2013-2114 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an e...
How severe is CVE-2013-2114?
CVE-2013-2114 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2114?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.