VWE-2018-4336 Viewing Source [template]Vulnerability | cve= | aka= | issueid=5338 | severity=Medium | difficulty=Hard | description=Permissions Escalation. It is theoretically possible to parse legacy wiki syntax that exists in an unprivileged context within a privileged context. However, an exploit would rely on also having third-party or custom BB-Codes that have been coded in a specific way; it is believed that no such BB-Codes currently exist. Under vBulletin, affects all versions of VaultWiki 2.x from 2.2.0, 3.x, and 4.x series. Under XenForo, affects all versions prior to 4.0.7, but patches for [wiki]VWE-2015-1601[/wiki] are not affected. | lite=no | discover-date=January 14, 2018 | patch-date=February 8, 2018 | patches=4.0.20 Patch Level 3 4.0.19 Patch Level 6 4.0.18 Patch Level 7 4.0.17 Patch Level 9 | workaround=In Settings > Options > VaultWiki: Miscellaneous, disable Legacy Syntax support.[/template] 909 characters