Description
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.
Remediation
References
Related Vulnerabilities
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2014-0118)
MODX Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-8773)
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9268)
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11446)