Description

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

Remediation

References

CVE-2015-8002

Related Vulnerabilities

WordPress Plugin Accept Stripe Donation-AidWP Cross-Site Request Forgery (3.1.5)

WordPress Plugin Interactive Geo Maps Cross-Site Scripting (1.5.10)

Magento Cryptographic Issues Vulnerability (CVE-2019-7855)

WordPress Plugin WooCommerce Instamojo Cross-Site Scripting (0.0.6)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2231)

Severity

Medium

Classification

CVE-2015-8002

Tags

Missing Update Known Vulnerabilities