Arbitrary File Upload Vulnerability in MediaWiki (CVE-2015-8003)
Arbitrary File Upload Vulnerability in MediaWiki (CVE-2015-8003)
Release date:
Updated on:
Affected Systems:
MediaWiki <1.23.11
MediaWiki 1.25.x-1.25.3
MediaWiki 1.24.x-1.24.4
Description:
CVE (CAN) ID: CVE-2015-8003
MediaWiki is a famous wiki program running in the PHP + MySQL environment.
MediaWiki versions earlier than 1.23.11, 1.24.x-1.24.4, 1.25.x-1.25.3, without restrictions on file upload. Authenticated remote users can upload multiple files.
<* Source: vendor
*>
Suggestion:
Vendor patch:
MediaWiki
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://phabricator.wikimedia.org/T91850
Refer:
Http://www.securitytracker.com/id/1034028
Https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
This article permanently updates the link address: