Vulnerabilities > CVE-2004-1405 - Remote Arbitrary Script Upload vulnerability in MediaWiki

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mediawiki
nessus
exploit available

Summary

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Exploit-Db

descriptionMediaWiki 1.3.x Remote Arbitrary Script Upload Vulnerability. CVE-2004-1405. Webapps exploit for php platform
idEDB-ID:24994
last seen2016-02-03
modified2004-12-16
published2004-12-16
reporterJeremy Bae
sourcehttps://www.exploit-db.com/download/24994/
titleMediaWiki 1.3.x - Remote Arbitrary Script Upload Vulnerability

Nessus

NASL familyCGI abuses
NASL idMEDIAWIKI_MULTIPLE_FLAWS.NASL
descriptionThe remote host appears is running a version of MediaWiki prior to 1.3.11. It is, therefore, affected by various vulnerabilities, including some that allow an attacker to execute arbitrary PHP code on the remote host. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen2020-06-01
modified2020-06-02
plugin id18035
published2005-04-13
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18035
titleMediaWiki < 1.3.11 Multiple Remote Vulnerabilities