A critical vulnerability has been discovered in the MediaWiki project web platform, the operation behind Wikipedia.
According to research, version 1.8 onwards was vulnerable to a remote code execution (RCE) flaw, which would allow an attacker to gain complete control of the vulnerable web server. The detection by Check Point, was made to the WikiMedia Foundation who have issued an update and patch to the MediaWiki software.
Prior to the availability of a patch for this vulnerability, an attacker could have injected malware infection code into every page in Wikipedia.org, as well as into any other internal or Web-facing wiki site running on MediaWiki with the affected settings.
Dorit Dor, vice president of products at Check Point Software Technologies, said: “It only takes a single vulnerability on a widely adopted platform for a hacker to infiltrate and wreak widespread damage. The Check Point Vulnerability Research Group focuses on finding these security exposures and deploying the necessary real-time protections to secure the internet.
“We’re pleased that the MediaWiki platform is now protected against attacks on this vulnerability, which would have posed great security risk for millions of daily ‘wiki’ site users.”