MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mediawiki | Mediawiki | 1.3 (including) | 1.3 (including) |
Mediawiki | Mediawiki | 1.3.0 (including) | 1.3.0 (including) |
Mediawiki | Mediawiki | 1.3.1 (including) | 1.3.1 (including) |
Mediawiki | Mediawiki | 1.3.2 (including) | 1.3.2 (including) |
Mediawiki | Mediawiki | 1.3.3 (including) | 1.3.3 (including) |
Mediawiki | Mediawiki | 1.3.4 (including) | 1.3.4 (including) |
Mediawiki | Mediawiki | 1.3.5 (including) | 1.3.5 (including) |
Mediawiki | Mediawiki | 1.3.6 (including) | 1.3.6 (including) |
Mediawiki | Mediawiki | 1.3.7 (including) | 1.3.7 (including) |
Mediawiki | Mediawiki | 1.3.8 (including) | 1.3.8 (including) |
Mediawiki | Mediawiki | 1.3.10 (including) | 1.3.10 (including) |
Mediawiki | Mediawiki | 1.3.11 (including) | 1.3.11 (including) |