Main Vulnerability Database Vulnerabilities #VU42848

#VU42848 Input validation error in Vanilla - CVE-2013-3528

Published: May 11, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42848

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2013-3528

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Vanilla

Software vendor:
Lussumo

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."

Remediation

Install update from vendor's website.

External links

http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7
https://exchange.xforce.ibmcloud.com/vulnerabilities/84167
https://github.com/vanillaforums/Garden/commit/b9a10dabb15c697347bfa7baef69a6e211b2f804

#VU42848 Input validation error in Vanilla - CVE-2013-3528

Description

Remediation

External links

Please verify you're human