[Mediawiki-l] site defaced

[Greg Rundlett]

My website was just defaced, and I have not yet had a chance to 
investigate the exact causes.  The script-kiddie was able to upload a 
php shell creation script + php-explorer and others.

I installed mediawiki in the last two weeks, and the folder is now 
gone.  I'm wondering if mediawiki is known to be secure with 
allow_url_fopen set to on?  Are there any known vulnerabilities in 
mediawiki?  I do not know the exact vulnerability that caused my site to 
be owned, and there may have been mulitple vulnerabilitites, I'm just 
asking what if any info you might have in this regard.

Thanks,
Greg

-- 
FREePHILE
We are 'Open' for Business
Free and Open Source Software
http://www.freephile.com
(978) 270-2425
If you are smart enough to know that you're not smart enough to be an
Engineer, then you're in Business.