Vanillaforums » Vanilla : Security Vulnerabilities, CVEs, CVSS score >= 7
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
Max CVSS: 7.2 | EPSS Score: 0.33% | Published: 2018-11-23 | Updated: 2019-10-03
Vanilla 2.6.x before 2.6.4 allows remote code execution.
Max CVSS: 9.8 | EPSS Score: 4.29% | Published: 2018-11-03 | Updated: 2018-12-26
CVE-2016-10073 | Public exploit
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Max CVSS: 7.5 | EPSS Score: 0.80% | Published: 2017-05-23 | Updated: 2019-07-11
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
Max CVSS: 7.5 | EPSS Score: 0.66% | Published: 2013-05-10 | Updated: 2020-06-04
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
Max CVSS: 7.5 | EPSS Score: 0.25% | Published: 2013-05-10 | Updated: 2020-06-04
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
Max CVSS: 9.8 | EPSS Score: 0.19% | Published: 2020-01-22 | Updated: 2020-01-28
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
Max CVSS: 7.5 | EPSS Score: 0.15% | Published: 2020-01-22 | Updated: 2020-01-28
7 vulnerabilities found