Description
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-0265 Vulnerability (CVE-2006-0265)
MySQL CVE-2018-3145 Vulnerability (CVE-2018-3145)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2018-20826)
GlassFish CVE-2016-5519 Vulnerability (CVE-2016-5519)
WordPress Plugin Article Directory Cross-Site Scripting (1.3)