Filtered by vendor Vanillaforums
Total: 26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18903 | 1 Vanillaforums | 1 Vanilla | 2024-08-05 | N/A |
Vanilla 2.6.x before 2.6.4 allows remote code execution. | ||||
CVE-2018-17571 | 1 Vanillaforums | 1 Vanilla | 2024-08-05 | N/A |
Vanilla before 2.6.1 allows XSS via the email field of a profile. | ||||
CVE-2018-16410 | 1 Vanillaforums | 1 Vanilla | 2024-08-05 | N/A |
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. | ||||
CVE-2018-15833 | 1 Vanillaforums | 1 Vanilla Forums | 2024-08-05 | N/A |
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | ||||
CVE-2019-9889 | 1 Vanillaforums | 1 Vanilla | 2024-08-04 | N/A |
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server. | ||||
CVE-2020-8825 | 1 Vanillaforums | 1 Vanilla | 2024-08-04 | 5.4 Medium |
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. | ||||