User:Leucosticte/Insecure settings

From mediawiki.org

The following are insecure settings.

Enabling upload and execution of arbitrary PHP scripts[edit]

$wgStrictFileExtensions = false;
$wgFileBlacklist = array();
$wgVerifyMimeType = false;