Shodan
Vulnerabilities
Vulnerable Software
Vanillaforums:  >> Vanilla  >> 2.0.17.3  Security Vulnerabilities
CVE-2011-1009
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-02-05
CVE-2011-3613
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-22
CVE-2011-3614
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
CVSS Score
9.8
EPSS Score
0.01
Published
2020-01-22
CVE-2019-9889
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
CVSS Score
2.7
EPSS Score
0.003
Published
2019-03-21
CVE-2018-19499
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
CVSS Score
7.2
EPSS Score
0.023
Published
2018-11-23
CVE-2018-17571
Vanilla before 2.6.1 allows XSS via the email field of a profile.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-28
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
CVSS Score
7.5
EPSS Score
0.683
Published
2017-05-23
CVE-2014-9685
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-02-25
CVE-2013-3527
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
CVSS Score
7.5
EPSS Score
0.036
Published
2013-05-10
CVE-2013-3528
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
CVSS Score
7.5
EPSS Score
0.045
Published
2013-05-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved