Description
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
Exploits (1)
References (4)
Core 4
Core References
Patch x_refsource_misc
http://wikipedia.sourceforge.net/
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11985
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110321710420059&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13478/
Scores
EPSS
0.1016
EPSS Percentile
93.1%
Details
Status
published
Products (12)
mediawiki/mediawiki
1.3
mediawiki/mediawiki
1.3.0
mediawiki/mediawiki
1.3.1
mediawiki/mediawiki
1.3.2
mediawiki/mediawiki
1.3.3
mediawiki/mediawiki
1.3.4
mediawiki/mediawiki
1.3.5
mediawiki/mediawiki
1.3.6
mediawiki/mediawiki
1.3.7
mediawiki/mediawiki
1.3.8
... and 2 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026