Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.
Max CVSS: 7.5
EPSS Score: 0.72%
Published: 2010-04-09
Updated: 2017-08-17
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
Max CVSS: 7.5
EPSS Score: 0.23%
Published: 2008-08-21
Updated: 2017-08-08
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.
Max CVSS: 7.5
EPSS Score: 0.46%
Published: 2007-10-23
Updated: 2017-09-29
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Max CVSS: 7.5
EPSS Score: 0.30%
Published: 2007-10-23
Updated: 2017-09-29
4 vulnerabilities found