VWE-2019-5275 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2019-5275
This page is a chapter in Info Known Vulnerabilities

This page has been seen 204,619 times.

    • Created by on
Common NameNone
VWE-IDVWE-2019-5275
Related ReportNone
SeverityMEDIUM
Exploit DifficultyNORMAL
PlatformXenForo
DescriptionPermissions Escalation. Using template parameters in alternate parser types, such as plain-text, makes it possible to render content using settings from the wrong area. Does not affect Lite versions.
DiscoveredJune 12, 2019
ResolvedJuly 12, 2019
Patches Available4.1.0 Beta 2
4.0.26 Patch Level 2
4.0.25 Patch Level 4
4.0.24 Patch Level 6
WorkaroundIn AdminCP > Wiki > Structures > Content Types, disable the Template type.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.