VWE-2016-3063 Viewing Source [template]Vulnerability | cve= | aka=VerQuatch Vulnerability | severity=High | difficulty=Easy | description=Local File Inclusion. In PHP < 5.3.3, also Remote Code Execution. | discover-date=November 14, 2016 | patch-date=November 15, 2016 | patches=4.0.15 Patch Level 1 4.0.14 Patch Level 4 4.0.13 Patch Level 4 4.0.12 Patch Level 5 4.0.11 Patch Level 5 4.0.10 Patch Level 6 4.0.9 Patch Level 6 4.0.8 Patch Level 8 | workaround=It is not possible to workaround this vulnerability. A successful exploit is still possible even while VaultWiki is disabled in your site's Add-On/Product Manager. [/template] [h=3]Notes[/h] This vulnerability allowed attackers to potentially read the contents of any file that was readable by your PHP user. After patching, please ensure that any other sensitive data that may be stored on your file system is secure. Some example measures include: [list][*]Change the MySQL password for your installation. [*]If using vBulletin, and your forum is configured to cache the datastore as files (see [i]includes/config.php[/i]), then change the SMTP password for your forum's SMTP sender address. [*]If your site uses SSL, regenerate your private key and certificates.[/list] 1,225 characters