VWE-2017-4032 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-4032
This page is a chapter in Info Known Vulnerabilities

This page has been seen 192,936 times.

    • Created by on
      Last updated by on
Common NameNone
VWE-IDVWE-2017-4032
Related ReportNone
SeverityMEDIUM
Exploit DifficultyEASY
PlatformvBulletin
DescriptionPermissions escalation. Users may be able to upload images that exceed maximum allowed dimensions and/or file-size if admin has chosen to store the binary data of uploaded attachments in the database. Does not affect Lite versions.
DiscoveredSeptember 20, 2017
ResolvedSeptember 24, 2017
Patches Available4.0.19 Patch Level 2
4.0.18 Patch Level 3
4.0.17 Patch Level 5
4.0.16 Patch Level 6
4.0.15 Patch Level 10
WorkaroundIn the Wiki Admin Panel, go to Content > Attachments, and make sure that attachments are stored as files.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.