The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name: None
VWE-ID: VWE-2020-5943
Related Report: None
Severity: MEDIUM
Exploit Difficulty: EASY
Platform: Affects all platforms supported by the vulnerable versions.
Description: Denial of Service. A sanitization issue in AJAX-submitted input allows invalid UTF-8 characters to pass verification, and could result in the prevention of moderator access to XenForo 2.x's approval queue if it contains affected content. The underlying sanitization issue has existed since 4.0.0 Gamma 6 and exists in all platforms; however, the code was never used on XenForo-based platforms in the VaultWiki 4.0.x series. The issue has been exploited in the wild as early as June 2017 on vBulletin-based platforms. The malicious effect can only be realized in the following situations:
- vBulletin installations, running VaultWiki 4.0.0 Gamma 6 or higher when exploited, if that installation converts to XenForo 1.x running VaultWiki, and later converts to XenForo 2.x running VaultWiki.
- XenForo installations, running VaultWiki 4.1.x or higher when exploited, if that installation now runs XenForo 2.x.
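The advisory describes a sanitizer that filters the characters it recognises but never checks that the submitted bytes form valid UTF-8, so malformed sequences reach storage and later break the view that renders them. The following is an added example, not VaultWiki's, vBulletin's or XenForo's code, written in Python rather than the PHP those platforms run on. The `naive_sanitize` function is a hypothetical stand-in for that class of bug; `strict_sanitize` shows validation at the trust boundary, and `display_safe` shows how a moderation view can still render content that was stored before validation was fixed. All sample payloads are constructed.

```python
"""UTF-8 validation for AJAX-submitted input (added example).

Shows why a sanitizer that only filters known-bad characters lets invalid
UTF-8 byte sequences through, and how strict decoding at the boundary
rejects them before they are stored (for instance in a moderation queue).
"""

import re


def naive_sanitize(raw: bytes) -> bytes:
    """Hypothetical flawed sanitizer: strips tag-like runs and control
    bytes, but never checks that the bytes form valid UTF-8."""
    raw = re.sub(rb"<[^>]*>", b"", raw)
    return bytes(b for b in raw if b >= 0x20 or b in (0x09, 0x0A, 0x0D))


def is_valid_utf8(raw: bytes) -> bool:
    """Strict check: the decoder rejects truncated, overlong and surrogate
    sequences, which is exactly what a boundary validator needs."""
    try:
        raw.decode("utf-8", errors="strict")
        return True
    except UnicodeDecodeError:
        return False


def strict_sanitize(raw: bytes) -> str:
    """Reject invalid UTF-8 outright, then filter on decoded text so the
    rest of the application only ever stores well-formed strings."""
    if not is_valid_utf8(raw):
        raise ValueError("submitted input is not valid UTF-8")
    text = raw.decode("utf-8")
    text = re.sub(r"<[^>]*>", "", text)
    return "".join(ch for ch in text if ch >= " " or ch in "\t\n\r")


def display_safe(stored: bytes) -> str:
    """For content that reached storage before validation existed: decode
    with replacement so a moderation view renders instead of failing."""
    return stored.decode("utf-8", errors="replace")


# Constructed sample payloads (not taken from any real submission).
SAMPLES = {
    "plain": "hello, world".encode("utf-8"),
    "multibyte": "naïve café ✓".encode("utf-8"),
    "truncated": b"abc\xe2\x9c",          # 3-byte sequence missing its last byte
    "overlong_slash": b"a\xc0\xafb",       # overlong encoding of '/'
    "lone_continuation": b"x\x80y",        # continuation byte with no lead byte
    "surrogate": b"\xed\xa0\x80",          # encoded UTF-16 surrogate U+D800
}


def classify(samples=SAMPLES) -> dict:
    """Run both sanitizers over each sample and record whether the naive
    one let the bytes through untouched and whether the strict one accepted."""
    out = {}
    for name, raw in samples.items():
        naive_passed = naive_sanitize(raw) == raw
        try:
            strict_sanitize(raw)
            strict_ok = True
        except ValueError:
            strict_ok = False
        out[name] = {
            "valid": is_valid_utf8(raw),
            "naive_passed": naive_passed,
            "strict_ok": strict_ok,
        }
    return out


if __name__ == "__main__":
    for name, result in classify().items():
        print(f"{name:18} valid={result['valid']!s:5} "
              f"naive_passed={result['naive_passed']!s:5} "
              f"strict_ok={result['strict_ok']}")
```

Every invalid sample passes `naive_sanitize` untouched because each offending byte is above 0x20, which is the gap the advisory describes; `strict_sanitize` rejects all four. Rejecting at input and decoding with replacement on display are complementary: the first stops new malformed content from being stored, the second keeps the approval queue usable for content that was already there.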
Discovered: October 7, 2020
Resolved: November 8, 2020
Patches Available:
- 4.1.0 Patch Level 2
- 4.1.0 RC 3 Patch Level 4
- 4.1.0 RC 2 Patch Level 5
- 4.1.0 RC 1 Patch Level 6
- 4.0.28 Patch Level 6