Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vanilla vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-5644
Lussumo Vanilla 1.1.3 and previous versions does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote malicious users to conduct unauthorized sort operations and other activities.
Lussumo Vanilla
1 EDB exploit
5.1
CVSSv2
CVE-2006-3850
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and previous versions, when /conf/old_settings.php exists, allows remote malicious users to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a th...
Lussumo Vanilla
1 EDB exploit
6.5
CVSSv2
CVE-2018-19499
Vanilla prior to 2.5.5 and 2.6.x prior to 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
Vanillaforums Vanilla
4.3
CVSSv2
CVE-2018-17571
Vanilla prior to 2.6.1 allows XSS via the email field of a profile.
Vanillaforums Vanilla
5
CVSSv2
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums prior to 2.3.1 allows remote malicious users to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Vanillaforums Vanilla
1 EDB exploit
1 Article
4.3
CVSSv2
CVE-2010-4264
It was found in vanilla forums prior to 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
Vanillaforums Vanilla Forums
3.5
CVSSv2
CVE-2020-8825
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
Vanillaforums Vanilla 2.6.3
1 Github repository
5
CVSSv2
CVE-2011-3812
Vanilla 2.0.16 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
Vanillaforums Vanilla 2.0.16
3.5
CVSSv2
CVE-2019-8279
Multiple stored XSS in Vanilla Forums prior to 2.5 allow remote malicious users to inject arbitrary JavaScript code into any message on forum.
Vanillaforums Vanilla Forums
4
CVSSv2
CVE-2018-15833
In Vanilla prior to 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Vanillaforums Vanilla Forums
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »