CVE-2014-1610

MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-1610. PoCs published by Metasploit, @u0x, Netanel Rubin, Brandon Perry, Ben Harris, Ben Campbell, including Metasploit module exploits/multi/http/mediawiki_thumb.

AI-analyzed exploit summary

This Metasploit module exploits CVE-2014-1610, a remote command execution vulnerability in MediaWiki's thumb.php when DjVu or PDF file upload support is enabled. It leverages shell metacharacters to execute arbitrary commands, with support for automatic target detection and authentication if required.

Description

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/31767

This Metasploit module exploits CVE-2014-1610, a remote command execution vulnerability in MediaWiki's thumb.php when DjVu or PDF file upload support is enabled. It leverages shell metacharacters to execute arbitrary commands, with support for automatic target detection and authentication if required.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, 1.19.x before 1.19.11
Auth required
Prerequisites: DjVu or PDF file upload support enabled · Valid credentials if no target file is specified
devstral-2 · analyzed Feb 18, 2026

exploitdb · WORKING POC · VERIFIED
by @u0x · text · webapps · multiple
https://www.exploit-db.com/exploits/31329

This exploit leverages a command injection vulnerability in MediaWiki's PdfHandler extension (CVE-2014-1610) by manipulating the 'w' parameter in thumb.php to execute arbitrary shell commands, leading to remote code execution.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MediaWiki <= 1.22.1 with PdfHandler extension
Auth required
Prerequisites: MediaWiki with PdfHandler extension enabled · Ability to upload a PDF file · Authenticated session
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by Netanel Rubin, Brandon Perry, Ben Harris, Ben Campbell · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mediawiki_thumb.rb

This Metasploit module exploits a command injection vulnerability in MediaWiki's thumb.php when DjVu or PDF file upload support is enabled. It allows remote unauthenticated users to execute arbitrary commands via shell metacharacters.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, 1.19.x before 1.19.11
No auth needed
Prerequisites: DjVu or PDF file upload support enabled · Target file or credentials for upload
devstral-2 · analyzed Feb 16, 2026

References (19)

Exploit, Third Party Advisory: http://www.exploit-db.com/exploits/31329/
Issue Tracking: https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
Third Party Advisory: http://secunia.com/advisories/57472
Various Sources: https://gerrit.wikimedia.org/r/#/c/110215/
Third Party Advisory (Debian): http://www.debian.org/security/2014/dsa-2891
Third Party Advisory, VDB Entry: http://www.securitytracker.com/id/1029707
Third Party Advisory, VDB Entry: http://www.securityfocus.com/bid/65223
Mailing List, Third Party Advisory (Fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html
Third Party Advisory, VDB Entry: http://www.osvdb.org/102631
Vendor Advisory: http://secunia.com/advisories/56695
Vendor Advisory: https://gerrit.wikimedia.org/r/#/c/110069/
Third Party Advisory, VDB Entry: http://osvdb.org/102630
Mailing List, Third Party Advisory (Fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html

Scores

EPSS: 0.4278
EPSS percentile: 98.5%

Details

CWE: CWE-20 (Improper Input Validation)
Status: published
Products (17)
mediawiki/mediawiki 1.19.0
mediawiki/mediawiki 1.19.1
mediawiki/mediawiki 1.19.2
mediawiki/mediawiki 1.19.3
mediawiki/mediawiki 1.19.4
mediawiki/mediawiki 1.19.5
mediawiki/mediawiki 1.19.6
mediawiki/mediawiki 1.19.7
mediawiki/mediawiki 1.19.8
mediawiki/mediawiki 1.19.9
... and 7 more
Published: Jan 30, 2014
Tracked since: Feb 18, 2026