5 matches found
CVE-2011-3614
CVE-2011-3614 affects Vanilla Forums (Facebook, Twitter, and Embedded plugins) prior to version 2.0.17.9. The issue is an Access Control vulnerability that could impact confidentiality, integrity, and availability. Remediation: upgrade to Vanilla Forums 2.0.17.9 or newer; apply any vendor-supplie...
CVE-2011-3613
Vanilla Forums before 2.0.17.9 contains a cookie handling issue that can lead to information disclosure. The vulnerability affects Vanilla Forums (PHP-based open source forum) and is described across multiple connected entries (CVE-2011-3613; CNVD-2020-13206). Root cause: improper cookie handling...
CVE-2018-19499
The CVE-2018-19499 issue affects Vanilla Forums (Vanilla) where the unserialize vulnerability is in the Gdn_Format class. A crafted phar-archive can trigger remote code execution, requiring authentication (which can be bypassed according to the advisory) and allowing code execution under the web ...
CVE-2019-9889
Vanilla Forums vulnerability CVE-2019-9889 affects Vanilla before 2.6.4. The flaw is in AddonManager::getSingleIndex where a crafted type value leads to a Directory Traversal with File Inclusion, enabling remote code execution under the web server's context. Reports confirm the issue allows code ...
CVE-2018-17571
CVE-2018-17571 affects Vanilla before 2.6.1. The vulnerability is a cross-site scripting (XSS) flaw reachable via the email field in a user profile. The connected CNVD/NVD/OSV entries consistently describe the same issue and identify Vanilla 2.6.1 as the fixed version. Practical impact, per the s...