The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2018-4670 Related Report None Severity HIGH Exploit Difficulty EASY Platform XenForo Description Denial of Service amplification. Due to a lack of limits on template usage, using a specially crafted wiki page and wiki templates, it may be possible to execute many thousands of queries on the wiki page, which may cause MySQL or PHP to become unresponsive under load.
Discovered September 26, 2018 Resolved October 8, 2018 Patches Available 4.0.24 Patch Level 1
4.0.23 Patch Level 3
4.0.22 Patch Level 5
4.0.21 Patch Level 6
4.0.20 Patch Level 9
Workaround It is not possible to workaround this issue.
NotesThe fix places hard limits on the number of templates, including templates within other templates, that each page is allowed to render. Although amplification is only possible on XenForo platforms, the patch also makes changes to vBulletin-related code.
This page has been seen 1,072 times.