Vulnerability Details CVE-2004-1405
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.089
EPSS Ranking 92.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=110321710420059&w=2
- http://secunia.com/advisories/13478/
- http://wikipedia.sourceforge.net/
- http://www.securityfocus.com/bid/11985
- http://marc.info/?l=bugtraq&m=110321710420059&w=2
- http://secunia.com/advisories/13478/
- http://wikipedia.sourceforge.net/
- http://www.securityfocus.com/bid/11985
Products affected by CVE-2004-1405
-
cpe:2.3:a:mediawiki:mediawiki:1.3
-
cpe:2.3:a:mediawiki:mediawiki:1.3.0
-
cpe:2.3:a:mediawiki:mediawiki:1.3.1
-
cpe:2.3:a:mediawiki:mediawiki:1.3.10
-
cpe:2.3:a:mediawiki:mediawiki:1.3.11
-
cpe:2.3:a:mediawiki:mediawiki:1.3.2
-
cpe:2.3:a:mediawiki:mediawiki:1.3.3
-
cpe:2.3:a:mediawiki:mediawiki:1.3.4
-
cpe:2.3:a:mediawiki:mediawiki:1.3.5
-
cpe:2.3:a:mediawiki:mediawiki:1.3.6
-
cpe:2.3:a:mediawiki:mediawiki:1.3.7
-
cpe:2.3:a:mediawiki:mediawiki:1.3.8