Description

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Remediation

References

CVE-2004-1405

Related Vulnerabilities

Joomla Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2018-11324)

WordPress Plugin PopCash.Net Code Integration Tool Cross-Site Scripting (1.0)

MySQL CVE-2015-4771 Vulnerability (CVE-2015-4771)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28982)

WordPress Plugin Chat Cross-Site Scripting (1.0.8)

Severity

High

Classification

CVE-2004-1405

Tags

Missing Update Known Vulnerabilities