Description
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034028
Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
Vendor Advisory x_refsource_confirm
https://phabricator.wikimedia.org/T91850
Scores
EPSS
0.0052
EPSS Percentile
67.1%
Details
CWE
CWE-399
Status
published
Products (8)
mediawiki/mediawiki
1.24.0
mediawiki/mediawiki
1.24.1
mediawiki/mediawiki
1.24.2
mediawiki/mediawiki
1.24.3
mediawiki/mediawiki
1.25.0
mediawiki/mediawiki
1.25.1
mediawiki/mediawiki
1.25.2
mediawiki/mediawiki
< 1.23.10
Published
Nov 09, 2015
Tracked Since
Feb 18, 2026