7 matches found
EUVD-2018-11188
Malware in sbrugna...
Design/Logic Flaw
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class...
CVE-2018-19499
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class...
CVE-2018-19499
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class...
CVE-2018-19499
The CVE-2018-19499 issue affects Vanilla Forums (Vanilla) where the unserialize vulnerability is in the Gdn_Format class. A crafted phar-archive can trigger remote code execution, requiring authentication (which can be bypassed according to the advisory) and allowing code execution under the web ...
Vanilla: Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability
Summary: An authenticated admin user can trigger a call to unserialize which can allow an attacker to gain remote code execution. Description: Please bear with me on this one, it's heavy. Ok, so after setting a Garden.TouchIcon setting it can be several settings, this is just an example of one we...
SRC-2018-0032 : Vanilla Forums Gdn_Format unserialize Unserialize Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the unserialize function...