Wiki Remote Code Vulnerability

Tuesday, February 4, 2014 @ 01:02 PM gHale


There is a critical vulnerability that could affect websites created on the MediaWiki platform, researchers said.

A remote code execution security hole could end up exploited, said researchers from security firm Check Point. Attackers could leverage the flaw to gain complete control of an affected Web server.

MediaWiki installations starting with version 1.8 are affected. One caveat: for an attack to succeed, a specific non-default setting must be enabled, whether by the victim or by an attacker.

The Wikimedia Foundation fixed the problem after it received notification of the vulnerability. The organization also sent out an alert to encourage MediaWiki customers to update their installations.

If left unpatched, the vulnerability could allow malicious code to be injected into Wikipedia.org and other wiki websites that run on the open-source MediaWiki platform. This could have been a problem since Wikipedia has 94 million unique visitors each month.

“It only takes a single vulnerability on a widely adopted platform for a hacker to infiltrate and wreak widespread damage. The Check Point Vulnerability Research Group focuses on finding these security exposures and deploying the necessary real-time protections to secure the Internet,” said Dorit Dor, vice president of products at Check Point Software Technologies.

Check Point said this is the third remote code execution vulnerability found on the MediaWiki platform since 2006.

Last year, there were 13 security holes found in MediaWiki. The list includes one code execution, six cross-site scripting (XSS), two bypass and three cross-site request forgery (CSRF) vulnerabilities.


