Description
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2194 Vulnerability (CVE-2021-2194)
WordPress Plugin AgentPress Broker Listings Cross-Site Scripting (1.0)
WordPress Plugin Sticky Ad Bar Cross-Site Scripting (1.3.1)
OpenSSL Cryptographic Issues Vulnerability (CVE-2009-3555)
WordPress Plugin Download Manager PHAR Deserialization (3.2.49)