VWE-2011-0148
Return to current revision
Current Revision
April 8, 2018, 11:49 PM
General Differences
made the following changes
- removed the title prefix 'XSS'
- changed the title from 'Social Escalation Vulnerability' to 'VWE-2011-0148'
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Social Escalation Vulnerability -
+| severity=Extreme
-
| difficulty=Easy -
-
| description=Permissions escalation -
+
| description=Permissions escalation.
| lite=no -
| discover-date=November 28, 2011
| patch-date=December 10, 2011
| patches=3.0.16
3.0.15 Patch Level 1
3.0.14 Patch Level 1
3.0.13 Patch Level 1
3.0.12 Patch Level 1
3.0.11 Patch Level 2
3.0.10 Patch Level 2
3.0.9 Patch Level 2 -
-
| workaround=Do not set Social Group Mask to the administrator group. It is very easy to do accidentally. -
+
| workaround=Do not set Social Group Mask to the administrator group, moderator group, banned group, or guest group. It is very easy to set to the administrator group accidentally. -
[/template]