VWE-2019-5266 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2019-5266
This page is a chapter in Info Known Vulnerabilities

This page has been seen 188,081 times.

- Created by
  pegasus
  on October 12, 2019

Common Name None
VWE-ID VWE-2019-5266
Related Report #5779
Severity MEDIUM
Exploit Difficulty NORMAL
Platform XenForo 2.x
Description Permissions Escalation. Users can use specially crafted BB-Codes and template parameters to circumvent area parser settings. Does not affect Lite versions.

Discovered May 31, 2019
Resolved June 7, 2019
Patches Available 4.1.0 Beta 2
Workaround In AdminCP > Wiki > Structures > Content Types, disable the Template type.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2019-5266
Related Report	#5779
Severity	MEDIUM
Exploit Difficulty	NORMAL
Platform	XenForo 2.x
Description	Permissions Escalation. Users can use specially crafted BB-Codes and template parameters to circumvent area parser settings. Does not affect Lite versions.
Discovered	May 31, 2019
Resolved	June 7, 2019
Patches Available	4.1.0 Beta 2
Workaround	In AdminCP > Wiki > Structures > Content Types, disable the Template type.