Lucene search
K

5 matches found

CVE
CVE
added 2020/01/22 5:27 p.m.63 views

CVE-2011-3614

CVE-2011-3614 affects Vanilla Forums (Facebook, Twitter, and Embedded plugins) prior to version 2.0.17.9. The issue is an Access Control vulnerability that could impact confidentiality, integrity, and availability. Remediation: upgrade to Vanilla Forums 2.0.17.9 or newer; apply any vendor-supplie...

9.8CVSS9.3AI score0.01958EPSS
CVE
CVE
added 2020/01/22 5:19 p.m.56 views

CVE-2011-3613

Vanilla Forums before 2.0.17.9 contains a cookie handling issue that can lead to information disclosure. The vulnerability affects Vanilla Forums (PHP-based open source forum) and is described across multiple connected entries (CVE-2011-3613; CNVD-2020-13206). Root cause: improper cookie handling...

7.5CVSS7.4AI score0.0173EPSS
CVE
CVE
added 2018/11/23 7:0 p.m.52 views

CVE-2018-19499

The CVE-2018-19499 issue affects Vanilla Forums (Vanilla) where the unserialize vulnerability is in the Gdn_Format class. A crafted phar-archive can trigger remote code execution, requiring authentication (which can be bypassed according to the advisory) and allowing code execution under the web ...

7.2CVSS7.1AI score0.02017EPSS
CVE
CVE
added 2019/03/20 10:12 p.m.52 views

CVE-2019-9889

Vanilla Forums vulnerability CVE-2019-9889 affects Vanilla before 2.6.4. The flaw is in AddonManager::getSingleIndex where a crafted type value leads to a Directory Traversal with File Inclusion, enabling remote code execution under the web server's context. Reports confirm the issue allows code ...

4CVSS4.1AI score0.02425EPSS
CVE
CVE
added 2018/09/28 5:0 a.m.43 views

CVE-2018-17571

CVE-2018-17571 affects Vanilla before 2.6.1. The vulnerability is a cross-site scripting (XSS) flaw reachable via the email field in a user profile. The connected CNVD/NVD/OSV entries consistently describe the same issue and identify Vanilla 2.6.1 as the fixed version. Practical impact, per the s...

6.1CVSS5.9AI score0.00675EPSS