Description
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
References
- Exploit, Third Party Advisory
- Patch, Vendor Advisory
- Exploit, Third Party Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:vanillaforums:vanilla:2.6.1:*:*:*:*:*:*:*
EPSS: 0.00319 (Low)
Percentile: 55%
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.