MediaWiki PHP Inclusion Arbitrary Command Execution

2004-08-12T04:08:09
ID OSVDB:8691
Type osvdb
Reporter OSVDB
Modified 2004-08-12T04:08:09

Description

Vulnerability Description

MediaWiki contains a flaw that may allow an attacker to include arbitrary PHP code and execute arbitrary commands. No further details have been provided.

Technical Description

This issue requires that include files are exposed and you have allow_url_fopen and register_globals on (this is the default configuration in PHP 4.1.x).

Solution Description

Upgrade to version 1.3.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

MediaWiki contains a flaw that may allow an attacker to include arbitrary PHP code and execute arbitrary commands. No further details have been provided.

References:

Vendor URL: http://wikipedia.sourceforge.net/ Vendor Specific Advisory URL