Vulnerability Details CVE-2019-9889
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.9%
CVSS Severity
CVSS v3 Score 2.7
CVSS v2 Score 4.0
References
Products affected by CVE-2019-9889
-
cpe:2.3:a:vanillaforums:vanilla:-
-
cpe:2.3:a:vanillaforums:vanilla:2.0.0
-
cpe:2.3:a:vanillaforums:vanilla:2.0.1
-
cpe:2.3:a:vanillaforums:vanilla:2.0.10
-
cpe:2.3:a:vanillaforums:vanilla:2.0.11
-
cpe:2.3:a:vanillaforums:vanilla:2.0.12
-
cpe:2.3:a:vanillaforums:vanilla:2.0.13
-
cpe:2.3:a:vanillaforums:vanilla:2.0.14
-
cpe:2.3:a:vanillaforums:vanilla:2.0.15
-
cpe:2.3:a:vanillaforums:vanilla:2.0.16
-
cpe:2.3:a:vanillaforums:vanilla:2.0.16.1
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.1
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.10
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.2
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.3
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.4
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.5
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.6
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.7
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.8
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.9
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.1
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.10
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.11
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.12
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.13
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.3
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.4
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.5
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.6
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.7
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.8
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.9
-
cpe:2.3:a:vanillaforums:vanilla:2.0.2
-
cpe:2.3:a:vanillaforums:vanilla:2.0.3
-
cpe:2.3:a:vanillaforums:vanilla:2.0.4
-
cpe:2.3:a:vanillaforums:vanilla:2.0.5
-
cpe:2.3:a:vanillaforums:vanilla:2.0.6
-
cpe:2.3:a:vanillaforums:vanilla:2.0.7
-
cpe:2.3:a:vanillaforums:vanilla:2.0.8
-
cpe:2.3:a:vanillaforums:vanilla:2.0.9
-
cpe:2.3:a:vanillaforums:vanilla:2.1.0
-
cpe:2.3:a:vanillaforums:vanilla:2.1.1
-
cpe:2.3:a:vanillaforums:vanilla:2.1.10
-
cpe:2.3:a:vanillaforums:vanilla:2.1.11
-
cpe:2.3:a:vanillaforums:vanilla:2.1.12
-
cpe:2.3:a:vanillaforums:vanilla:2.1.2
-
cpe:2.3:a:vanillaforums:vanilla:2.1.3
-
cpe:2.3:a:vanillaforums:vanilla:2.1.6
-
cpe:2.3:a:vanillaforums:vanilla:2.1.7
-
cpe:2.3:a:vanillaforums:vanilla:2.1.8
-
cpe:2.3:a:vanillaforums:vanilla:2.1.9
-
cpe:2.3:a:vanillaforums:vanilla:2.2.0
-
cpe:2.3:a:vanillaforums:vanilla:2.2.1
-
cpe:2.3:a:vanillaforums:vanilla:2.2.3.4
-
cpe:2.3:a:vanillaforums:vanilla:2.2.3.6
-
cpe:2.3:a:vanillaforums:vanilla:2.3.0
-
cpe:2.3:a:vanillaforums:vanilla:2.5.0
-
cpe:2.3:a:vanillaforums:vanilla:2.5.1
-
cpe:2.3:a:vanillaforums:vanilla:2.5.3
-
cpe:2.3:a:vanillaforums:vanilla:2.5.4
-
cpe:2.3:a:vanillaforums:vanilla:2.5.5
-
cpe:2.3:a:vanillaforums:vanilla:2.5.6
-
cpe:2.3:a:vanillaforums:vanilla:2.6.0
-
cpe:2.3:a:vanillaforums:vanilla:2.6.1
-
cpe:2.3:a:vanillaforums:vanilla:2.6.3