VWE-2020-5645 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2020-5645
This page is a chapter in Info Known Vulnerabilities

This page has been seen 78,266 times.

    • Created by on
Common NameNone
VWE-IDVWE-2020-5645
Related ReportNone
SeverityLOW
Exploit DifficultyEASY
PlatformAffects all platforms supported by the vulnerable versions.
DescriptionLocal File Inclusion. A malicious attacker can load arbitrary VaultWiki PHP files into memory outside of the intended execution pattern for those files. However, the attacker receives a fatal error when doing so.
DiscoveredMarch 11, 2020
ResolvedApril 7, 2020
Patches Available4.1.0 RC 2 Patch Level 1
4.1.0 RC 1 Patch Level 2
4.0.28 Patch Level 2
4.0.27 Patch Level 5
4.0.26 Patch Level 7
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.