Description

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Remediation

References

CVE-2004-1405

Related Vulnerabilities

MySQL CVE-2021-2194 Vulnerability (CVE-2021-2194)

WordPress Plugin AgentPress Broker Listings Cross-Site Scripting (1.0)

WordPress Plugin Sticky Ad Bar Cross-Site Scripting (1.3.1)

OpenSSL Cryptographic Issues Vulnerability (CVE-2009-3555)

WordPress Plugin Download Manager PHAR Deserialization (3.2.49)

Severity

High

Classification

CVE-2004-1405

Tags

Missing Update Known Vulnerabilities