WEB APPLICATION VULNERABILITIES Standard & Premium

Vanilla Forums Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18903)

Description

Vanilla 2.6.x before 2.6.4 allows remote code execution.

Remediation

References

Related Vulnerabilities

WordPress Plugin Essential Content Types Security Bypass (1.4)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42220)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-5020)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2016-7052)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38263)

Severity

Critical

Classification

CVE-2018-18903 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities