VWE-2017-4004
Return to current revision
General Differences
- changed the meta description
-
-
[template]Vulnerability -
+
XZLbSgNBDIbvBd8hD1DXtp4vVhAPICgIgl6IF+luths6h2WSsQ o+vJltFepVJl+SyST/vCn5waHS+0t2gRIu2LF+7e99Q/NBdbG4wtEKfVCyWP3IIaZCWu46brIzdosyFrUkTeJBOYb6iZJn ETsKGEZrY+cK7mICiZ6gY0egXwPJBBCyUIIGA+TBRWyBPS5JYM 3aW7TnZW/xNbfm2gU9GVDQ3grQubimFlDAxbAsVnuCkP3CSmIHA3...
-
Differences in Content
-
-
[template]Vulnerability
| cve=
| aka=
| severity=Minor
| difficulty=Easy
| description=Permissions escalation. For some file types, a user can upload images with a higher width or height than allowed as long as the number of pixels is smaller than the permitted amount. Does not affect VaultWiki Lite.
| discover-date=August 12, 2017
| patch-date=
| patches=
| workaround=In Content > Attachments, for each image file-type, set both maximum width and maximum height to the same number.[/template] -
+
XZLbSgNBDIbvBd8hD1DXtp4vVhAPICgIgl6IF+luths6h2WSsQo+vJltFepVJl+SyST/vCn5waHS+0t2gRIu2LF+7e99Q/NBdbG4wtEKfVCyWP3IIaZCWu46brIzdosyFrUkTeJBOYb6iZJnETsKGEZrY+cK7mICiZ6gY0egXwPJBBCyUIIGA+TBRWyBPS5JYM3aW7TnZW/xNbfm2gU9GVDQ3grQubimFlDAxbAsVnuCkP3CSmIHA3+SE2AB8ZZscKwrSUN5pGqp9jEHreAmWtcQFbDrqFF4QZvwlVcMD6xUbQaXJto2DlrbXH2Vl1kUZvMJzKezs5IwoDb9JvpMg+24PGR+/C+BpD6uptXsAp6KCw+2YQfz/b2Rnu/Qoy0926EnW3q6Q0+39GSHzqal8TqmFSabtK3vA1zHoBQULuFKFZvem2NidLZgMnejwajTQdFpYp9AYRFNAo+f7LPfCoKh/SO/ysRxv4L+V4nq7fDvt/0A