Vanilla: Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability

Summary: An authenticated admin user can inject an serialized payload into a phar archive and trigger read access to it via an unprotected fileexists. An attacker can leverage this to deserialize untrusted data and gain remote code execution. Notes: - You need to have an admin account to run this...