VWE-2021-6191 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2021-6191
This page is a chapter in Info Known Vulnerabilities

This page has been seen 97,047 times.

    • Created by on
Common NameNone
VWE-IDVWE-2021-6191
Related ReportNone
SeverityHIGH
Exploit DifficultyEASY
PlatformXenForo 2.x
DescriptionPermissions Escalation and Data Loss. Some edits do not preserve existing custom field values from the previous edit. This is most common for edits generated from outside the Edit tab, such as mass edits. Within the Edit tab, when a user who does not have permission to change any custom field for a page edits that page, the unpermitted custom fields may be changed to a blank value. Does not affect Lite versions.
DiscoveredAugust 8, 2021
ResolvedSeptember 14, 2021
Patches Available4.1.2 Patch Level 2
4.1.1 Patch Level 7
4.1.0 Patch Level 9
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.