Input validation error in Vanilla - CVE-2013-3528

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU42848

Input validation error in Vanilla - CVE-2013-3528

Published: May 11, 2013 / Updated: August 11, 2020


Vulnerability identifier: #VU42848
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2013-3528
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Lussumo
Affected software:
Vanilla

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."


How to mitigate CVE-2013-3528

Install update from vendor's website.

Sources