VWE-2014-0232 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2014-0232
This page is a chapter in Info Known Vulnerabilities

This page has been seen 4,710 times.

- Created by
  pegasus
  on November 25, 2024

Common Name None
VWE-ID VWE-2014-0232
Related Report None
Severity Extreme
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Arbitrary code execution. By entering a specially-crafted URL inside an IMG BB-Code tag within wiki content rendered to a plain-text format, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.

Discovered August 2, 2014
Resolved December 1, 2014
Patches Available 3.0.21
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2014-0232
Related Report	None
Severity	Extreme
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Arbitrary code execution. By entering a specially-crafted URL inside an IMG BB-Code tag within wiki content rendered to a plain-text format, a malicious user can execute arbitrary PHP code on the server. Does not affect Lite versions.
Discovered	August 2, 2014
Resolved	December 1, 2014
Patches Available	3.0.21