Check Point Software Technologies, a provider of Internet security solutions, has identified a critical vulnerability in the MediaWiki project Web platform.
MediaWiki is an open-source Web platform used to create and maintain ‘wiki’ Web sites. Sites running on the MediaWiki platform include Wikipedia.org, the sixth most visited website in the world.
The critical vulnerability has exposed MediaWiki (version 1.8 onwards) to remote code execution (RCE), where an attacker can gain complete control of the vulnerable web server.
Check Point immediately alerted the Wikimedia Foundation about the vulnerability, and after verification, the Foundation issued an update and patch to the MediaWiki software, Check Point said.
Check Point also delivered updated protections to its worldwide customers in conjunction with the Wikimedia Foundation’s software update.
The vulnerability has the potential to allow an attacker to control the Wikipedia.org Web server, or any other ‘wiki’ site running on MediaWiki, and potentially inject and serve malware to users visiting these sites.
The Wikimedia Foundation released a software update after learning of the vulnerability from Check Point and encouraged all MediaWiki customers to apply the patch as soon as possible.
This is only the third RCE vulnerability found in the MediaWiki platform since 2006.
The Check Point Vulnerability Research Group focuses on finding such security exposures and deploying the necessary real-time protections to secure the Internet, said Dorit Dor, vice president of products at Check Point Software Technologies.