Published: 31/12/2004 Updated: 18/10/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

MediaWiki 1.3.8 and previous versions, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote malicious users to upload and execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki 1.3.11
mediawiki mediawiki 1.3.2
mediawiki mediawiki 1.3
mediawiki mediawiki 1.3.0
mediawiki mediawiki 1.3.5
mediawiki mediawiki 1.3.6
mediawiki mediawiki 1.3.3
mediawiki mediawiki 1.3.4
mediawiki mediawiki 1.3.1
mediawiki mediawiki 1.3.10
mediawiki mediawiki 1.3.7
mediawiki mediawiki 1.3.8

source: wwwsecurityfocuscom/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server This issue results from insufficient sanitization of user-supplied input If successful, the attacker can execute arbitrary script code on a vulnerable server ...

NVD-CWE-Other http://www.securityfocus.com/bid/11985 http://secunia.com/advisories/13478/http://wikipedia.sourceforge.net/http://marc.info/?l=bugtraq&m=110321710420059&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/24994/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1405

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect