TITLE: MediaWiki "images" Arbitrary Script Upload and Execution Vulnerability SECUNIA ADVISORY ID: SA13419 VERIFY ADVISORY: http://secunia.com/advisories/13419/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: MediaWiki 1.x http://secunia.com/product/2546/ DESCRIPTION: A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to insufficient validation of files uploaded to the "images" directory located inside the web root. This can be exploited to upload and execute arbitrary malicious scripts. The vulnerability has been reported in version 1.3.8. Prior versions may also be affected. SOLUTION: Update to version 1.3.9. http://wikipedia.sourceforge.net/ PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
Christian please bump to 1.3.9.
I do tonight, hold on for a few hours, plz.
thx, done.
Changing to proper status.