Arbitrary Code Execution via File Upload in MediaWiki 1.3.8 and Earlier

Arbitrary Code Execution via File Upload in MediaWiki 1.3.8 and Earlier

CVE-2004-1405 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Learn more about our Cis Benchmark Audit For Apache Http Server.