Description Vanilla 2.6.x before 2.6.4 allows remote code execution. Remediation References CVE-2018-18903 Related Vulnerabilities GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23818) PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-5114) WordPress Plugin SecureMoz Security Audit PHP Object Injection (1.0.5) PHP Other Vulnerability (CVE-2007-1711) WordPress Plugin Estatik Real Estate Arbitrary File Upload (2.3.0) Severity Critical Classification CVE-2018-18903 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities