Vanilla Security Vulnerabilities and Issues — Vanilla CVE List

Lucene search

LussumoVanilla

2 matches found

CVE•added 2007/10/23 9:47 p.m.•40 views

CVE-2007-5643

Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.

7.5CVSS8.6AI score0.00948EPSS

CVE•added 2007/10/23 9:47 p.m.•37 views

CVE-2007-5644

Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.

7.5CVSS6.8AI score0.02007EPSS