Vanillaforums » Vanilla: Security Vulnerabilities, CVEs (SQL injection)
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
Max CVSS: 6.5
EPSS Score: 0.08%
Published: 2018-09-03
Updated: 2018-10-25
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
Max CVSS: 7.5
EPSS Score: 0.25%
Published: 2013-05-10
Updated: 2020-06-04
2 vulnerabilities found