Remote Code Execution in Vanilla Forums before 2.5.5 and 2.6.x before 2.6.2 via Unserialize in Gdn_Format Class

CVE-2018-19499 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
