VID |
21683 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of MediaWiki older than 1.3.11 was detected on the host. MediaWiki is freely available wiki software written in PHP, used by Wikipedia, Wiktionary, and other projects. MediaWiki versions prior to 1.3.11 contain multiple vulnerabilities that a remote attacker can exploit to execute arbitrary PHP code or to conduct cross-site scripting (XSS) and SQL injection attacks.
* Note: This check relies solely on the version number of MediaWiki on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://secunia.com/advisories/10231/ http://secunia.com/advisories/12692/ http://secunia.com/advisories/12825/ http://secunia.com/advisories/13419/ http://secunia.com/advisories/14125/
* Platforms Affected: The Wikimedia Foundation, Inc.: MediaWiki versions prior to 1.3.11; Any operating system: Any version |
Recommendation |
Upgrade to the latest version of MediaWiki (1.3.11 or later), available from the MediaWiki Web page at http://wikipedia.sourceforge.net/ |
Related URL |
CVE-2004-1405, CVE-2004-2185, CVE-2004-2186, CVE-2004-2187 (CVE) |
Related URL |
12625, 12444, 11985, 11897, 11480, 11416, 11302, 10958, 9057 (SecurityFocus) |
Related URL |
13764, 17045, 17713, 17712, 17578, 18425, 19219 (ISS) |