Main Vulnerability Database Vulnerabilities #VU13874

Privilege escalation in Kunena - #VU13874

Published: July 16, 2018

Vulnerability identifier: #VU13874

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: The Kunena Project

Affected software:
Kunena

Detailed vulnerability description

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists due to unspecified flaw. An adjacent attacker can gain full privileges on a users uploaded attachments.

Remediation

Update to version 5.1.2.

Sources

https://www.kunena.org/blog/194-kunena-5-1-2-released

Privilege escalation in Kunena - #VU13874

Detailed vulnerability description

Remediation

Sources

Please verify you're human