3 matches found
CVE-2018-19499
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the GdnFormat class...
CVE-2018-19499
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the GdnFormat class...
CVE-2018-19499
The CVE-2018-19499 issue affects Vanilla Forums (Vanilla) where the unserialize vulnerability is in the Gdn_Format class. A crafted phar-archive can trigger remote code execution, requiring authentication (which can be bypassed according to the advisory) and allowing code execution under the web ...