The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6363 Related Report None Severity MEDIUM Exploit Difficulty NORMAL Platform Affects all platforms supported by the vulnerable versions. Description Permissions Escalation. A user can use a specially-crafted form submission to save more than the maximum allowed number of attachments per wiki comment.
Discovered December 4, 2021 Resolved January 1, 2022 Patches Available 4.1.3 Patch Level 2
4.1.2 Patch Level 5Notes
As of the patch date, variations of the issue also affected basic content-types in stock installations of both vBulletin and XenForo.
This page has been seen 43,071 times.
-
-
Created by on
-