Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mediawiki | Mediawiki | 1.19 (including) | 1.19 (including) |
| Mediawiki | Mediawiki | 1.19-beta_1 (including) | 1.19-beta_1 (including) |
| Mediawiki | Mediawiki | 1.19-beta_2 (including) | 1.19-beta_2 (including) |
| Mediawiki | Mediawiki | 1.19.0 (including) | 1.19.0 (including) |
| Mediawiki | Mediawiki | 1.19.1 (including) | 1.19.1 (including) |
| Mediawiki | Mediawiki | 1.19.2 (including) | 1.19.2 (including) |
| Mediawiki | Mediawiki | 1.19.3 (including) | 1.19.3 (including) |
| Mediawiki | Mediawiki | 1.19.4 (including) | 1.19.4 (including) |
| Mediawiki | Mediawiki | 1.19.5 (including) | 1.19.5 (including) |
| Mediawiki | Mediawiki | 1.19.6 (including) | 1.19.6 (including) |
| Mediawiki | Mediawiki | 1.20.1 (including) | 1.20.1 (including) |
| Mediawiki | Mediawiki | 1.20.2 (including) | 1.20.2 (including) |
| Mediawiki | Mediawiki | 1.20.3 (including) | 1.20.3 (including) |
| Mediawiki | Mediawiki | 1.20.4 (including) | 1.20.4 (including) |
| Mediawiki | Mediawiki | 1.20.5 (including) | 1.20.5 (including) |
| Mediawiki | Ubuntu | lucid | * |
| Mediawiki | Ubuntu | precise | * |
| Mediawiki | Ubuntu | quantal | * |
| Mediawiki | Ubuntu | raring | * |
| Mediawiki | Ubuntu | upstream | * |