VWE-2017-3992 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-3992
This page is a chapter in Info Known Vulnerabilities

This page has been seen 209,652 times.

    • Created by on
      Last updated by on
Common NameNone
VWE-IDVWE-2017-3992
Related ReportNone
SeverityLOW
Exploit DifficultyDifficult
PlatformAffects all platforms supported by the vulnerable versions.
DescriptionPermissions escalation. If image support for a file-type is activated later, prior uploads of that type will be treated as images even if they now exceed the permitted width and height. Does not affect Lite versions.
DiscoveredAugust 24, 2017
ResolvedSeptember 13, 2017
Patches Available4.0.19 Patch Level 1
4.0.18 Patch Level 2
4.0.17 Patch Level 4
4.0.16 Patch Level 5
4.0.15 Patch Level 9
4.0.14 Patch Level 12
WorkaroundDo not activate image support for any file-types in Content > Attachments or reduce the permitted dimensions after there are already uploads of the given type.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.