Note: This project will be discontinued after December 13, 2021.
Product: Vanilla (Vanillaforums)

Repositories | https://github.com/vanillaforums/Garden |
#Vulnerabilities | 18 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-01-22 | CVE-2011-3613 | An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | Vanilla | N/A | ||
2017-05-23 | CVE-2016-10073 | The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request. | Vanilla | 7.5 | ||
2019-03-21 | CVE-2019-9889 | In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server. | Vanilla | 2.7 | ||
2018-11-23 | CVE-2018-19499 | Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. | Vanilla | 7.2 | ||
2018-11-03 | CVE-2018-18903 | Vanilla 2.6.x before 2.6.4 allows remote code execution. | Vanilla | 9.8 | ||
2018-09-28 | CVE-2018-17571 | Vanilla before 2.6.1 allows XSS via the email field of a profile. | Vanilla | 6.1 | ||
2018-09-03 | CVE-2018-16410 | Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. | Vanilla | 6.5 | ||
2011-09-23 | CVE-2011-3812 | Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files. | Vanilla | N/A | ||