Description
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Gallery MaxGalleria Unspecified Vulnerability (6.0.8)
WordPress Plugin Newspack Blocks Arbitrary File Upload (3.0.8)
WordPress Plugin Video Gallery-Vimeo and YouTube Gallery Cross-Site Scripting (1.1.4)
MySQL CVE-2019-2822 Vulnerability (CVE-2019-2822)
WordPress Plugin WP TripAdvisor Review Slider Cross-Site Scripting (11.8)