VWE-2018-4485
Return to current revision
Current Revision
April 8, 2018, 11:18 PM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=Low
| difficulty=Normal -
-
| description=Permissions Escalation. [wiki]VWE-2017-4318[/wiki] was incorrectly applied. Users may be able to view the titles of content in a Similar Content block, without permission to view that content, by leveraging the WIDGET BB-Code. Does not affect the Lite version. -
+
| description=Permissions Escalation. [wiki]VWE-2017-4318[/wiki] was incorrectly applied. Users may be able to view the titles of content in a Similar Content block, without permission to view that content, by leveraging the WIDGET BB-Code.
| lite=no -
| discover-date=February 16, 2018
| patch-date=March 16, 2018
| patches=4.0.21 Patch Level 1
4.0.20 Patch Level 4
4.0.19 Patch Level 7
4.0.18 Patch Level 8
4.0.17 Patch Level 10
| workaround=In your AdminCP, go to your forum's Custom BB-Codes manager, and locate the WIDGET BB-Code. In the BB-Code's settings:
[list][*]Set Wiki-Related Options > Parse BB-Code in Wiki pages? = No.
Set Wiki-Related Options > Parse BB-Code in non-wiki messages? = No.[/list]
[/template]