VWE-2017-4287 Viewing Source [template]Vulnerability | cve= | aka= | severity=High | difficulty=Normal | description=Denial of Service. Due to a flaw in the integration system, users with certain permissions may be able to replace certain forum nodes with fatal errors. | lite=no | discover-date=November 19, 2017 | patch-date=December 1, 2017 | patches=4.0.20 Patch Level 1 4.0.19 Patch Level 4 4.0.18 Patch Level 5 4.0.17 Patch Level 7 4.0.16 Patch Level 8 4.0.15 Patch Level 12 | workaround=In the Wiki Admin Panel, go to Content > Integration, and delete all forum integrations (disabling will not work).[/template] [h=3]Notes[/h] The patch will not correct existing fatal errors; this would require a full upgrade when the next version is released. For forums that were already replaced with fatal errors, run the following MySQL query (replacing "AFFECTED_FORUM_ID" with the appropriate number): [code]DELETE vw_integrate FROM vw_integrate AS vw_integrate LEFT JOIN vw_nodetype AS vw_nodetype ON (vw_nodetype.id = vw_integrate.itemtypeid) WHERE vw_nodetype.accesskey = 'Page' AND vw_integrate.nodeid = AFFECTED_FORUM_ID[/code] 1,125 characters