VWE-2021-6363 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2021-6363
This page is a chapter in Info Known Vulnerabilities

This page has been seen 489 times.

- Created by
  pegasus
  on March 3, 2024

Common Name None
VWE-ID VWE-2021-6363
Related Report None
Severity MEDIUM
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions Escalation. A user can use a specially-crafted form submission to save more than the maximum allowed number of attachments per wiki comment.

Discovered December 4, 2021
Resolved January 1, 2022
Patches Available 4.1.3 Patch Level 2
4.1.2 Patch Level 5
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes
As of the patch date, variations of the issue also affected basic content-types in stock installations of both vBulletin and XenForo.

Common Name	None
VWE-ID	VWE-2021-6363
Related Report	None
Severity	MEDIUM
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions Escalation. A user can use a specially-crafted form submission to save more than the maximum allowed number of attachments per wiki comment.
Discovered	December 4, 2021
Resolved	January 1, 2022
Patches Available	4.1.3 Patch Level 2 4.1.2 Patch Level 5