Privilege escalation in Kunena

#VU13874 Privilege escalation in Kunena

Published: 2018-07-16

Vulnerability identifier: #VU13874

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Kunena
Web applications / Modules and components for CMS

Vendor: The Kunena Project

Description

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists due to unspecified flaw. An adjacent attacker can gain full privileges on a users uploaded attachments.

Mitigation
Update to version 5.1.2.

Vulnerable software versions

Kunena: 5.0.0 - 5.1.1

External links
http://www.kunena.org/blog/194-kunena-5-1-2-released

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in Kunena for Joomla!