Description
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Poll Maker-Best WordPress Poll for Voting Contest Arbitrary File Upload (3.4)
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-41799)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24407)