Description

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

Remediation

References

CVE-2015-8002

Related Vulnerabilities

WordPress Plugin UPM Polls 'PID' Parameter SQL Injection (1.0.4)

WordPress Plugin Post to CSV by BestWebSoft Cross-Site Scripting (1.3.0)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7854)

WordPress Plugin WP Fastest Cache Directory Traversal (0.8.9.5)

Moodle Improper Control of Generation of Code (Code Injection) (CVE-2019-14827)

Severity

Medium

Classification

CVE-2015-8002

Tags

Missing Update Known Vulnerabilities