Vendor: MediaWiki
By: Unknown
CVSS: 7.5 (HIGH)
Arbitrary Script Upload
CWE: Unknown
Product Name: MediaWiki
Affected Version From: MediaWiki 1.3.8
Affected Version To: Prior versions
Patch Exists: NO
Related CWE: Unknown
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Arbitrary PHP Script Upload in MediaWiki

The vulnerability allows a remote attacker to upload arbitrary PHP scripts to a vulnerable server due to insufficient sanitization of user-supplied input. If successful, the attacker can execute arbitrary script code on the server, leading to unauthorized access in the context of the application.

Mitigation:

Implement proper input sanitization to prevent unauthorized script uploads. Upgrade to a patched version of MediaWiki.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11985/info

MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input.

If successful, the attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the application.

MediaWiki 1.3.8 and prior versions are affected by this issue. 

Script file name:
attack.php.rar
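
The sample name above ends in an archive extension but carries "php" in an inner segment. The following is an added example, not MediaWiki's code and not part of the advisory: an upload-name check that inspects every dot-separated segment rather than only the last one. The function name, both extension lists and the sample names are hypothetical, and the check assumes the web server may act on inner extensions.

```php
<?php
// Added example: hypothetical upload-name check, not MediaWiki's own code.
// Assumption: the web server may act on any dot-separated segment of a name,
// so "attack.php.rar" must be judged on "php" as well as on "rar".

// Hypothetical lists; tune both to the deployment.
const SCRIPT_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar',
                           'pl', 'py', 'cgi', 'asp', 'jsp', 'shtml'];
const ALLOWED_FINAL_EXTENSIONS = ['png', 'gif', 'jpg', 'jpeg', 'pdf'];

/** Returns null when the name is acceptable, otherwise the rejection reason. */
function uploadNameRejection(string $name): ?string
{
    // Discard any directory part supplied by the client (both separators).
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '' || $base[0] === '.') {
        return 'empty or hidden file name';
    }
    if (preg_match('/[\x00-\x1f]/', $base)) {
        return 'control character in file name';
    }
    $segments = explode('.', strtolower($base));
    array_shift($segments);            // drop the stem, keep every extension
    if ($segments === []) {
        return 'no extension';
    }
    foreach ($segments as $segment) {  // inner segments count, not only the last
        if (in_array(trim($segment), SCRIPT_EXTENSIONS, true)) {
            return "script extension \"$segment\" present";
        }
    }
    $final = end($segments);
    if (!in_array($final, ALLOWED_FINAL_EXTENSIONS, true)) {
        return "final extension \"$final\" not on the allow list";
    }
    return null;
}

// Constructed sample names, including the one quoted in the advisory.
$samples = ['diagram.png', 'attack.php.rar', 'notes.PHP', 'photo.jpg.', 'archive.rar'];
foreach ($samples as $sample) {
    $reason = uploadNameRejection($sample);
    printf("%-16s %s\n", $sample, $reason === null ? 'accept' : "reject: $reason");
}
```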