Description
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
Remediation
References
Related Vulnerabilities
MySQL Resource Management Errors Vulnerability (CVE-2010-3677)
WordPress Plugin AdminPad Cross-Site Request Forgery (2.1)
WordPress Plugin Easy Cookies Policy Cross-Site Scripting (1.6.2)
Roundcube Cross-site Request Forgery (CSRF) Vulnerability (CVE-2016-4069)
WordPress Plugin Slideshow Pro 'upload.php' Arbitrary File Upload (2.1)