VWE-2010-0106 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2010-0106
This page is a chapter in Info Known Vulnerabilities

This page has been seen 4,324 times.

- Created by
  pegasus
  on November 24, 2024

Common Name None
VWE-ID VWE-2010-0106
Related Report None
Severity HIGH
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions escalation. Text containing HTML, smilies, or images can be parsed in the content that includes a template, even though the wiki forum containing the content does not allow the text to parse, as long as both:

The wiki forum containing the template does allow it, AND
The template is parsed prior to the escalated content.
Discovered August 17, 2010
Resolved August 17, 2010
Patches Available 3.0.3
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes
Even though the issue did not affect the 2.x series at the time of the patch, subsequent patch code of the 2.x series replicated code that this was intended to patch, from a copy before this patch, resulting in future 2.x versions to be vulnerable for the remainder of the lifetime of that series.

Common Name	None
VWE-ID	VWE-2010-0106
Related Report	None
Severity	HIGH
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions escalation. Text containing HTML, smilies, or images can be parsed in the content that includes a template, even though the wiki forum containing the content does not allow the text to parse, as long as both: The wiki forum containing the template does allow it, AND The template is parsed prior to the escalated content.
Discovered	August 17, 2010
Resolved	August 17, 2010
Patches Available	3.0.3