VWE-2017-4012 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-4012
This page is a chapter in Info Known Vulnerabilities

This page has been seen 181,314 times.

- Created by
  pegasus
  on September 24, 2017
  
  Last updated by
  pegasus
  on April 8, 2018

Common Name None
VWE-ID VWE-2017-4012
Related Report None
Severity Extreme
Exploit Difficulty EASY
Platform XenForo
Description CAN-SPAM Non-Compliance. Some automatic subscription emails sent during import are missing compliance-related information. Does not affect Lite versions.

Discovered September 13, 2017
Resolved September 24, 2017
Patches Available 4.0.19 Patch Level 2
4.0.18 Patch Level 3
4.0.17 Patch Level 5
4.0.16 Patch Level 6
4.0.15 Patch Level 10
Workaround
While importing content into VaultWiki, add the following line to XenForo's /library/config.php:
Code:
$config['enableMail'] = false;
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2017-4012
Related Report	None
Severity	Extreme
Exploit Difficulty	EASY
Platform	XenForo
Description	CAN-SPAM Non-Compliance. Some automatic subscription emails sent during import are missing compliance-related information. Does not affect Lite versions.
Discovered	September 13, 2017
Resolved	September 24, 2017
Patches Available	4.0.19 Patch Level 2 4.0.18 Patch Level 3 4.0.17 Patch Level 5 4.0.16 Patch Level 6 4.0.15 Patch Level 10
Workaround	While importing content into VaultWiki, add the following line to XenForo's /library/config.php: Code: $config['enableMail'] = false;