Main Vulnerability Database Vulnerabilities #VU13874

#VU13874 Privilege escalation in Kunena

Published: July 16, 2018

Vulnerability identifier: #VU13874

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Kunena

Software vendor:
The Kunena Project

Description

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists due to unspecified flaw. An adjacent attacker can gain full privileges on a users uploaded attachments.

Remediation

Update to version 5.1.2.

External links

https://www.kunena.org/blog/194-kunena-5-1-2-released