CVE-2018-16410

Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
References
Link Resource
https://open.vanillaforums.com/discussion/36559 Patch Vendor Advisory
https://hackerone.com/reports/353784 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:vanillaforums:vanilla:2.6.1:*:*:*:*:*:*:*

Information

Published : 2018-09-03 07:29

Updated : 2018-10-25 06:00


NVD link : CVE-2018-16410

Mitre link : CVE-2018-16410

Products Affected
No products.
CWE