VWE-2012-0205 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2012-0205
This page is a chapter in Info Known Vulnerabilities

This page has been seen 255,071 times.

- Created by
  dianiz
  on April 18, 2015
  
  Last updated by
  pegasus
  on November 25, 2024

Common Name Blue Skidoo Vulnerability
VWE-ID VWE-2012-0205
Related Report None
Severity Extreme
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Arbitrary code execution. By entering a specially-crafted URL inside an IMG BB-Code tag within wiki content, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.

Discovered January 7, 2013
Resolved January 8, 2013
Patches Available 3.0.20
3.0.19 Patch Level 1
3.0.18 Patch Level 1
3.0.17 Patch Level 1
Workaround Update all wiki forums so that images are not allowed.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	Blue Skidoo Vulnerability
VWE-ID	VWE-2012-0205
Related Report	None
Severity	Extreme
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Arbitrary code execution. By entering a specially-crafted URL inside an IMG BB-Code tag within wiki content, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.
Discovered	January 7, 2013
Resolved	January 8, 2013
Patches Available	3.0.20 3.0.19 Patch Level 1 3.0.18 Patch Level 1 3.0.17 Patch Level 1
Workaround	Update all wiki forums so that images are not allowed.