The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2014-0232 Related Report None Severity Extreme Exploit Difficulty EASY Platform Affects all platforms supported by the vulnerable versions. Description Arbitrary code execution. By entering a specially-crafted URL inside an IMG BB-Code tag within wiki content rendered to a plain-text format, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.
Discovered August 2, 2014 Resolved December 1, 2014 Patches Available 3.0.21
This page has been seen 4,707 times.
-
-
Created by on
-