VaultWiki Security Update: VerQuatch Vulnerability

Earlier this week, a user reported an issue that was discovered during a security audit of the user's server. The audit uncovered a Local File Inclusion vulnerability in some VaultWiki files, which could be used by an attacker to read sensitive data stored on the file system. In PHP versions prior to 5.3.3, it was also possible to perform Remote Code Execution using the same vulnerability. However, there was no evidence that this vulnerability had ever been exploited.

VerQuatch Vulnerability affects all prior versions of VaultWiki 4.x, including VaultWiki Lite. It is possible to exploit whether VaultWiki is enabled or disabled in your site's Add-On/Product Manager.

On November 15, 2016, we released the following patches to address this issue:

• 4.0.15 Patch Level 1
• 4.0.14 Patch Level 4
• 4.0.13 Patch Level 4
• 4.0.12 Patch Level 5
• 4.0.11 Patch Level 5
• 4.0.10 Patch Level 6
• 4.0.9 Patch Level 6
• 4.0.8 Patch Level 8

We strongly recommend that all users running VaultWiki 4.x in a production environment update to a patched release as soon as possible.

Please note that this patch increases VaultWiki's minimum required PHP version to 5.3.3.

Additional Steps

While there is no evidence of exploitation of this vulnerability at this time, it has allowed attackers to potentially read the contents of any file that was also readable by your PHP user. After patching, please ensure that any other sensitive data that may be stored on your file system is secure. Some example measures include:

• Change the MySQL password for your installation.
• If using vBulletin, and if your forum is configured to cache the datastore as files (see includes/config.php), then change the SMTP password for your forum's SMTP sender address.
• If your site uses SSL, regenerate your private key and certificates.