PT-2018-5206 · Vanilla · Vanilla Forums

Anand Meyyappan

Published

2018-01-02

Updated

2018-01-17

CVE-2017-1000432

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Vanilla Forums versions prior to 2.1.5

Description The issue allows for CSRF, which can lead to deleting topics and comments from forums, and requires admin access.

Recommendations For versions prior to 2.1.5, update to version 2.1.5 or later to resolve the issue.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2017-1000432

Vanilla Forums