The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6259 Related Report None Severity Extreme Exploit Difficulty NORMAL Platform XenForo 2.x Description Denial of Service amplification. A distributed attack by malicious editors can consume all memory allocated to PHP by leveraging massive numbers of template inclusions within complex template fields and saving the affected pages simultaneously. Does not affect Lite versions.
Discovered October 19, 2021 Resolved October 25, 2021 Patches Available 4.1.2 Patch Level 3
4.1.1 Patch Level 8
This page has been seen 75,062 times.