The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name Blue Skidoo Vulnerability VWE-ID VWE-2012-0205 Related Report None Severity Extreme Exploit Difficulty EASY Platform Affects all platforms supported by the vulnerable versions. Description Arbitrary code execution. By entering a specially-crafted URL inside an IMG BB-Code tag within wiki content, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.
Discovered January 7, 2013 Resolved January 8, 2013 Patches Available 3.0.20
3.0.19 Patch Level 1
3.0.18 Patch Level 1
3.0.17 Patch Level 1Workaround Update all wiki forums so that images are not allowed.
Sub-Categories of VWE-2012-0205
-
#
-
# (cont.)
-
# (cont.)