The Latest in IT Security

Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

12 May 2017

Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

Legal Hackers’ Dawid Golunski found the vulnerabilities (a host header injection and an unauthorized remote code execution vulnerability) in software developed by Vanilla Forums.

Golunski reported the issues to Vanilla Forums in January and, while a support team acknowledged his reports, he’s experienced five months of silence from the company since, which prompted him to finally disclose the vulnerabilities Thursday via his ExploitBox.io service.
