SQL Injection Vulnerability in Vanilla 2.6.1

CVE-2018-16410 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.