Remote Code Execution Vulnerability Impacts Wikipedia and Other MediaWiki Sites


Wikipedia vulnerable to remote code execution attacks

Security researchers from Check Point have identified a critical vulnerability affecting websites created on the MediaWiki platform. Several Wiki sites have been impacted, including Wikipedia.org.

According to experts, the security hole could have been exploited for remote code execution. Cybercriminals could have leveraged the flaw to gain complete control of an affected Web server.

MediaWiki installations starting with version 1.8 are affected. It’s worth noting that in order for an attack to succeed, a specific non-default setting must be enabled.

Fortunately, the WikiMedia Foundation rushed to address the issue after being notified. The organization has also sent out an alert to encourage MediWiki customers to update their installations.

If unpatched, the vulnerability can be used to inject malicious code into Wikipedia.org and other Wiki websites that run on the open-source platform MediaWiki.

This could have been highly problematic, considering that Wikipedia has around 94 million unique visitors each month.

“It only takes a single vulnerability on a widely adopted platform for a hacker to infiltrate and wreak widespread damage. The Check Point Vulnerability Research Group focuses on finding these security exposures and deploying the necessary real-time protections to secure the Internet,” explained Dorit Dor, vice president of products at Check Point Software Technologies.

“We’re pleased that the MediaWiki platform is now protected against attacks on this vulnerability, which would have posed great security risk for millions of daily ‘wiki’ site users.”

Check Point reveals the fact that this is the third remote code execution vulnerability found on the MediaWiki platform since 2006.

A total of 13 security holes were found in MediaWiki in 2013. The list includes one code execution, six cross-site scripting (XSS), two bypass and three cross-site reference forgery (CSRF) vulnerabilities.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s