Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.
Legal Hackers‘ Dawid Golunski found the vulnerabilities–a host header injection and an unauthorized remote code execution vulnerability–in software which is developed by Vanilla Forums.
Golunski reported the issues to Vanilla Forums in January and while a support team acknowledged his reports, he’s experienced five months of silence from the company since, something that prompted him to finally disclose the vulnerabilities Thursday via his ExploitBox.io service.
Leave a reply
