PT-2004-2453 · Moniwiki+1

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-1545

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

MoniWiki versions 1.0.9.2 and earlier

Description

The issue arises from improper handling of files with multiple extensions by UploadFile.php in MoniWiki when it is used together with Apache mod_mime. This allows remote attackers to upload files with names such as .php.hwp and execute arbitrary code.

Recommendations

For MoniWiki versions 1.0.9.2 and earlier, consider restricting or disabling the UploadFile.php functionality until a proper fix is applied that handles files with multiple extensions securely. Additionally, review and enforce strict file type validation and handling to prevent the upload and execution of malicious files.
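One way to implement the strict file type validation recommended above, as an added example (not MoniWiki's code and not the vendor's fix). It checks every dot-separated component of the name, because mod_mime considers each extension in a file name, not only the last. The function name and both extension lists are assumptions to adapt to the server's handler mappings.

```php
<?php
// Added example; safe_upload_name() and both lists below are hypothetical.

// Extensions the web server might map to an interpreter (assumed list).
const EXECUTABLE_EXTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar',
                         'cgi', 'pl', 'py', 'shtml', 'asp'];
// Final extensions the wiki is willing to store (assumed list).
const ALLOWED_FINAL_EXTS = ['hwp', 'png', 'jpg', 'gif', 'pdf', 'txt'];

/**
 * Returns a server-chosen storage name for an upload, or null to reject it.
 * A name such as "shell.php.hwp" is rejected because "php" appears as one
 * of its extensions even though the last extension is allowed.
 */
function safe_upload_name(string $clientName): ?string
{
    // Drop any directory part, including Windows-style separators.
    $name = basename(str_replace('\\', '/', $clientName));
    if ($name === '' || $name[0] === '.' || strpos($name, "\0") !== false) {
        return null; // empty names, dotfiles such as .htaccess, NUL bytes
    }
    $parts = explode('.', strtolower($name));
    array_shift($parts);                 // discard the stem, keep extensions
    if (count($parts) === 0) {
        return null;                     // no extension at all
    }
    $final = $parts[count($parts) - 1];
    if (!in_array($final, ALLOWED_FINAL_EXTS, true)) {
        return null;                     // last extension not on the allowlist
    }
    foreach ($parts as $ext) {
        if ($ext === '' || in_array($ext, EXECUTABLE_EXTS, true)) {
            return null;                 // executable or empty inner extension
        }
    }
    // Store under a random name with exactly one extension, so the
    // client-supplied name never reaches the file system.
    return bin2hex(random_bytes(16)) . '.' . $final;
}

// Constructed sample inputs.
$samples = ['report.hwp', 'shell.php.hwp', 'a.PHP.png',
            '.htaccess', 'notes.tar.txt', 'x.phtml'];
foreach ($samples as $n) {
    printf("%-16s %s\n", $n, safe_upload_name($n) === null ? 'REJECT' : 'accept');
}
```

Serving the upload directory with script handlers disabled remains a separate control; this check only covers the naming side.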

Fix


Related Identifiers

CVE-2004-1545

Affected Products

Apache Mod Mime
Moniwiki