VWE-2018-4670 Viewing Source [template]Vulnerability | cve= | aka= | severity=High | difficulty=Easy | description=Denial of Service amplification. Due to a lack of limits on template usage, using a specially crafted wiki page and wiki templates, it may be possible to execute many thousands of queries on the wiki page, which may cause MySQL or PHP to become unresponsive under load. | platform=XF | lite= | issueid= | discover-date=September 26, 2018 | patch-date=October 8, 2018 | patches=4.0.24 Patch Level 1 4.0.23 Patch Level 3 4.0.22 Patch Level 5 4.0.21 Patch Level 6 4.0.20 Patch Level 9 | workaround= [/template] [h=3]Notes[/h] The fix places hard limits on the number of templates, including templates within other templates, that each page is allowed to render. Although amplification is only possible on XenForo platforms, the patch also makes changes to vBulletin-related code. 881 characters