Vulnerability Details CVE-2018-18903
Vanilla 2.6.x before 2.6.4 allows remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.051
EPSS Ranking 89.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4
- https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4
- https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html
- https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4
- https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4
- https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html
Products affected by CVE-2018-18903
-
cpe:2.3:a:vanillaforums:vanilla:2.6.0
-
cpe:2.3:a:vanillaforums:vanilla:2.6.1
-
cpe:2.3:a:vanillaforums:vanilla:2.6.3