VWE-2021-6364 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2021-6364
This page is a chapter in Info Vulnerable Versions

This page has been seen 323 times.

- Created by
  pegasus
  on March 3, 2024

Common Name None
VWE-ID VWE-2021-6364
Related Report None
Severity LOW
Exploit Difficulty Difficult
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions Escalation. A user can associate an attachment to wiki comments where permission to add attachments has been revoked since the user uploaded the attachment.

Discovered December 29, 2021
Resolved January 1, 2022
Patches Available 4.1.3 Patch Level 2
4.1.2 Patch Level 5
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes
As of the patch date, variations of the issue also affected basic content-types in stock installations of both vBulletin and XenForo.

Common Name	None
VWE-ID	VWE-2021-6364
Related Report	None
Severity	LOW
Exploit Difficulty	Difficult
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions Escalation. A user can associate an attachment to wiki comments where permission to add attachments has been revoked since the user uploaded the attachment.
Discovered	December 29, 2021
Resolved	January 1, 2022
Patches Available	4.1.3 Patch Level 2 4.1.2 Patch Level 5