Vanilla prior to 2.5.5 and 2.6.x prior to 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vanillaforums vanilla |