Vulnerabilities > CVE-2004-2186 - Remote Input Validation vulnerability in Mediawiki 1.3.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mediawiki
nessus
NVD
Published: 2004-12-31
Updated: 2008-09-05

Summary

SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.

Vulnerable Configurations

Part Description Count
Application
Mediawiki
1

Nessus

NASL familyCGI abuses
NASL idMEDIAWIKI_MULTIPLE_FLAWS.NASL
descriptionThe remote host appears is running a version of MediaWiki prior to 1.3.11. It is, therefore, affected by various vulnerabilities, including some that allow an attacker to execute arbitrary PHP code on the remote host. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen2020-06-01
modified2020-06-02
plugin id18035
published2005-04-13
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18035
titleMediaWiki < 1.3.11 Multiple Remote Vulnerabilities

References