The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6347 Related Report #6276 Severity MEDIUM Exploit Difficulty NORMAL Platform Affects all platforms supported by the vulnerable versions. Description Permissions Escalation. A user can circumvent the maximum allowed file size for an attachment by uploading a specially-crafted image file in excess of the maximum allowed dimensions. Does not affect Lite versions.
Discovered November 29, 2021 Resolved December 1, 2021 Patches Available 4.1.3 Patch Level 1
4.1.2 Patch Level 4
4.1.1 Patch Level 9
NotesAlthough the underlying issue affects all versions of the VaultWiki 4.x series, it can be exploited to greatest effect in 4.0.20 and higher, as well as in patches for VWE-2017-4030.
This page has been seen 79,832 times.