VDB

GCVE-110-MAGEIA-2015-421

GCVE-110-MAGEIA-2015-421
Advisory Published
Vulnetix · Advisory published November 2, 2015
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to upload add an infinite number of chunks for a single file upload (CVE-2015-8001). In MediaWiki before 1.23.11, a malicious user could upload chunks of 1 byte for very large files, potentially creating a very large number of files on the server's filesystem (CVE-2015-8002). In MediaWiki before 1.23.11, it is not possible to throttle file uploads, or in other words, rate limit them (CVE-2015-8003). In MediaWiki before 1.23.11, a missing authorization check when removing suppression from a revision allowed users with the 'viewsuppressed' user right but not the appropriate 'suppressrevision' user right to unsuppress revisions (CVE-2015-8004). In MediaWiki before 1.23.11, thumbnails of PNG files generated with ImageMagick contained the local file path in the image (CVE-2015-8005).

Affected Products

VendorProductVersionsPlatforms
Mageiamediawiki0 (affected), 1.23.11-1.mga5 (unaffected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›