Description
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by uploading multiple files with the same name.
Remediation
References