SQL Injection Vulnerability in Vanilla 2.6.1
CVE-2018-16410 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.