Code execution vulnerability discovered MediaWiki platform

The popular Wiki platform suffers from a remote code execution vulnerability if uploads are supported for DjVu or PDF file types.

The WikiMedia Foundation encouraged webmasters and systems administrators to update their MediaWiki installations on Tuesday, after researchers at Check Point discovered remote code execution vulnerabilities in platform's core installation.

From the announcement:

"Your MediaWiki installation is affected by a remote code execution vulnerability if you have enabled file upload support for DjVu (natively supported by MediaWiki) or PDF files (in combination with the PdfHandler extension). Neither file type is enabled by default in MediaWiki installations. If you are affected, we strongly urge you to update immediately."

The MediaWiki platform is used by thousands of websites, and collectively serves more than 100 million users each day – a majority of them via Wikipedia. Initially, Check Point researchers discovered the vulnerability in the handling of DjVu files, but additional testing by the WikiMedia Foundation discovered similar issues with PDF files.

If exploited, an attacker could take control over the server where the platform is installed, and inject malicious code into every page served by the platform. Until the patch was released, Wikipedia was the largest vulnerable site on the web (in terms of pages rendered and traffic), but other large Wiki-based websites are still at risk until the patch is deployed.

According to the WikiMedia Foundation's Chris Steipp, the foundation plans to use the flaw as an example. Once it seems like most Wiki installations are patched, the exploit will be made public "so we have a negative example that developers can see and prevent in the future."

Additional details are available here, and patches are available for download here.

New! Download the State of Cybercrime 2017 report