Description

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Remediation

References

CVE-2004-1405

Related Vulnerabilities

ownCloud Other Vulnerability (CVE-2014-2055)

MySQL CVE-2018-3133 Vulnerability (CVE-2018-3133)

WordPress Plugin BSK PDF Manager SQL Injection (3.1.1)

WordPress Plugin WordPress Backup and Migrate-Backup Guard Cross-Site Request Forgery (1.1.90)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4448)

Severity

High

Classification

CVE-2004-1405

Tags

Missing Update Known Vulnerabilities