Commons seems to be a target for such an attack.
Upload is easy, although I'm
not to sure about the damage potential. I suppose if an administrators
account would get compromised an applet could be manufactured to mass delete
content or mass block users.
If commons is vulnerable all wikimedia wiki's are and there is nothing
that local commons users or admins can really do about this. Mediawiki
should probablly be modified to check for garbage on the end of image
files if it does not already do so.
Sending this on to wikitech-l so the devs can comment on it.
.