CVE-2004-1405

MediaWiki <= 1.3.8 - Remote Code Execution via Double Extension File Upload


Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1405. PoCs published by Jeremy Bae.

AI-analyzed exploit summary: This is a vulnerability writeup describing CVE-2004-1405, which involves insufficient input sanitization in MediaWiki allowing remote attackers to upload arbitrary PHP scripts. No actual exploit code is provided.

Description

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Jeremy Bae · text · webapps · php
https://www.exploit-db.com/exploits/24994

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MediaWiki 1.3.8 and prior
No auth needed
Prerequisites: Access to the MediaWiki upload functionality
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Patch x_refsource_misc
http://wikipedia.sourceforge.net/
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11985
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110321710420059&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13478/

Scores

EPSS 0.0515
EPSS Percentile 91.3%

Details

Status published
Products (12)
mediawiki/mediawiki 1.3
mediawiki/mediawiki 1.3.0
mediawiki/mediawiki 1.3.1
mediawiki/mediawiki 1.3.2
mediawiki/mediawiki 1.3.3
mediawiki/mediawiki 1.3.4
mediawiki/mediawiki 1.3.5
mediawiki/mediawiki 1.3.6
mediawiki/mediawiki 1.3.7
mediawiki/mediawiki 1.3.8
... and 2 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026