Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1545

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1545
Last Modified 05 Sep 2008 04:41:42
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1545

Summary

UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.

Vulnerable Systems

Application

  • Moniwiki 1.0.8

  • Moniwiki 1.0.9

  • Moniwiki 1.0.9.1


References

XF - moniwiki-file-upload(18493)

BID - 11951

FULLDISC - 20041215 STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki

SECUNIA - 13478

CONFIRM - http://kldp.net/scm/cvsweb.php/moniwiki/plugin/UploadFile.php.diff?cvsroot=moniwiki&only_with_tag=HEAD&r1=text&tr1=1.17&r2=text&tr2=1.16&f=h


Last Updated: 27 May 2016 10:39:05