Description
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
Remediation
References
Related Vulnerabilities
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4608)
WordPress Plugin Login by Auth0 Multiple Vulnerabilities (3.11.3)
Oracle Database Server CVE-2013-3790 Vulnerability (CVE-2013-3790)
PHP Other Vulnerability (CVE-2007-1583)
LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2018-17057)