Lucene search
VanillaforumsVanilla
4 matches found
CVE-2018-18903
Vanilla 2.6.x before 2.6.4 allows remote code execution.
9.8CVSS9.8AI score0.05127EPSS
CVE-2018-19499
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
7.2CVSS7.1AI score0.0231EPSS
CVE-2018-16410
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
6.5CVSS6.9AI score0.00319EPSS
CVE-2018-17571
Vanilla before 2.6.1 allows XSS via the email field of a profile.
6.1CVSS5.9AI score0.0024EPSS