Описание
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.23.10 (включая)
Одно из
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00522
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-399
Связанные уязвимости
ubuntu
около 10 лет назад
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
debian
около 10 лет назад
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25 ...
github
больше 3 лет назад
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
EPSS
Процентиль: 66%
0.00522
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-399