The chunked upload API (ApiUpload) in MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.24.3 |
||
mediawiki mediawiki 1.25.0 |
||
mediawiki mediawiki 1.25.1 |
||
mediawiki mediawiki 1.25.2 |
||
mediawiki mediawiki 1.24.0 |
||
mediawiki mediawiki 1.24.2 |
||
mediawiki mediawiki |
||
mediawiki mediawiki 1.24.1 |