Launchpad.net

CVE 2013-2114

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

See the CVE page on Mitre.org for more details.