VWE-2020-5603 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2020-5603
This page is a chapter in Info Known Vulnerabilities

This page has been seen 77,297 times.

- Created by
  pegasus
  on October 14, 2021

Common Name None
VWE-ID VWE-2020-5603
Related Report None
Severity MEDIUM
Exploit Difficulty EASY
Platform vBulletin
Description Permissions Escalation. By leveraging nested templates, a user can alter the permissions of a containing template to that of a contained template. Does not affect Lite versions.

Discovered February 5, 2020
Resolved March 6, 2020
Patches Available 4.1.0 RC 1 Patch Level 1
4.0.28 Patch Level 1
4.0.27 Patch Level 4
4.0.26 Patch Level 6
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2020-5603
Related Report	None
Severity	MEDIUM
Exploit Difficulty	EASY
Platform	vBulletin
Description	Permissions Escalation. By leveraging nested templates, a user can alter the permissions of a containing template to that of a contained template. Does not affect Lite versions.
Discovered	February 5, 2020
Resolved	March 6, 2020
Patches Available	4.1.0 RC 1 Patch Level 1 4.0.28 Patch Level 1 4.0.27 Patch Level 4 4.0.26 Patch Level 6