CVE-2018-16410

2018-09-0319:00:00

mitre

www.cve.org

AI Score

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.

References

hackerone.com/reports/353784

open.vanillaforums.com/discussion/36559