The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6364 Related Report None Severity LOW Exploit Difficulty Difficult Platform Affects all platforms supported by the vulnerable versions. Description Permissions Escalation. A user can associate an attachment to wiki comments where permission to add attachments has been revoked since the user uploaded the attachment.
Discovered December 29, 2021 Resolved January 1, 2022 Patches Available 4.1.3 Patch Level 2
4.1.2 Patch Level 5Notes
As of the patch date, variations of the issue also affected basic content-types in stock installations of both vBulletin and XenForo.
This page has been seen 43,143 times.
-
-
Created by on
-