This is an old revision of this page, as edited November 15, 2016, 11:46 AM by pegasus(contribs). It may differ significantly from the current revision.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name Quatch Vulnerability VWE-ID Quatch Vulnerability Related Report None Severity HIGH Exploit Difficulty EASY Platform Affects all platforms supported by the vulnerable versions. Description Local File Inclusion. In PHP < 5.3.3, also Remote Code Execution.
Discovered November 14, 2016 Resolved November 15, 2016 Patches Available 4.0.15 Patch Level 1
4.0.14 Patch Level 4
4.0.13 Patch Level 4
4.0.12 Patch Level 5
4.0.11 Patch Level 5
4.0.10 Patch Level 6
4.0.9 Patch Level 6
4.0.8 Patch Level 8
Notes
This vulnerability allowed attackers to potentially read the contents of any file that was readable by your PHP user. After patching, please ensure that any other sensitive data that may be stored on your file system is secure. Some example measures include:
- Change the MySQL password for your installation.
- If using vBulletin, and your forum is configured to cache the datastore as files (see includes/config.php), then change the SMTP password for your forum's SMTP sender address.
- If your site uses SSL, regenerate your private key and certificates.