Description
MediaWiki user Marco discovered that security checks for file
uploads were not being run when the file was uploaded in chunks
through the API. This option has been available to users who can
upload files since MediaWiki 1.19.
This issue was fixed in MediaWiki v1.20.6 and MediaWiki v1.19.7.
Remediation
Upgrade to the latest version of MediaWiki.
Related Vulnerabilities
WordPress Plugin WOOF-Products Filter for WooCommerce Multiple Vulnerabilities (1.1.4.2)
WordPress Plugin Contus HD FLV Player 'uploadVideo.php' Arbitrary File Upload (1.7)
WordPress Plugin Simple Schools Staff Directory Arbitrary File Upload (1.1)
WordPress Plugin WP Simple Cart Arbitrary File Upload (1.0.15)
WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1)