VWE-2020-5805 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2020-5805
This page is a chapter in Info Known Vulnerabilities

This page has been seen 67,816 times.

    • Created by on
Common NameNone
VWE-IDVWE-2020-5805
Related ReportNone
SeverityMEDIUM
Exploit DifficultyNORMAL
PlatformvBulletin
DescriptionPermissions Escalation. Hook bbcode_parse_start sees NULL for $forumid in wiki content, which could cause parsing with parser settings for non-wiki content, regardless of area settings, with certain third-party add-ons such as CES Parser Permissions.
DiscoveredApril 14, 2020
ResolvedMay 7, 2020
Patches Available4.1.0 RC 2 Patch Level 2
4.1.0 RC 1 Patch Level 3
4.0.28 Patch Level 3
4.0.27 Patch Level 6
4.0.26 Patch Level 8
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.