Vulnerabilities > CVE-2013-3528 - PHP Code Injection vulnerability in Vanillaforums Vanilla

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

vanillaforums

exploit available

NVD

Published: 2013-05-10

Updated: 2017-08-29

Summary

Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."

Vulnerable Configurations

Part	Description	Count
Application	Vanillaforums Vanillaforums Vanilla 2.0.1 Vanillaforums Vanilla 2.0.2 Vanillaforums Vanilla 2.0.3 Vanillaforums Vanilla 2.0.4 Vanillaforums Vanilla 2.0.5 Vanillaforums Vanilla 2.0.6 Vanillaforums Vanilla 2.0.7 Vanillaforums Vanilla 2.0.8 Vanillaforums Vanilla 2.0.9 Vanillaforums Vanilla 2.0.10 Vanillaforums Vanilla 2.0.11 Vanillaforums Vanilla 2.0.12 Vanillaforums Vanilla 2.0.13 Vanillaforums Vanilla 2.0.14 Vanillaforums Vanilla 2.0.15 Vanillaforums Vanilla 2.0.16 Vanillaforums Vanilla 2.0.16.1 Vanillaforums Vanilla 2.0.17 Vanillaforums Vanilla 2.0.17.1 Vanillaforums Vanilla 2.0.17.2 Vanillaforums Vanilla 2.0.17.3 Vanillaforums Vanilla 2.0.17.4 Vanillaforums Vanilla 2.0.17.5 Vanillaforums Vanilla 2.0.17.6 Vanillaforums Vanilla 2.0.17.7 Vanillaforums Vanilla 2.0.17.8 Vanillaforums Vanilla 2.0.17.9 Vanillaforums Vanilla 2.0.17.10 Vanillaforums Vanilla 2.0.18 Vanillaforums Vanilla 2.0.18.1 Vanillaforums Vanilla 2.0.18.3 Vanillaforums Vanilla 2.0.18.4 Vanillaforums Vanilla 2.0.18.5 Vanillaforums Vanilla 2.0.18.6 Vanillaforums Vanilla - Vanillaforums Vanilla 2.0.0 Vanillaforums Vanilla 2.0.18.7	47

Exploit-Db

description	Vanilla Forums 2.0 - 2.0.18.5 (class.utilitycontroller.php) - PHP Object Injection Vulnerability. CVE-2013-2749,CVE-2013-3528. Webapps exploit for php platform
id	EDB-ID:29512
last seen	2016-02-03
modified	2013-11-08
published	2013-11-08
reporter	EgiX
source	https://www.exploit-db.com/download/29512/
title	Vanilla Forums 2.0 - 2.0.18.5 class.utilitycontroller.php - PHP Object Injection Vulnerability

Packetstorm

data source	https://packetstormsecurity.com/files/download/123529/KIS-2013-09.txt
id	PACKETSTORM:123529
last seen	2016-12-05
published	2013-10-07
reporter	EgiX
source	https://packetstormsecurity.com/files/123529/Vanilla-Forums-2.0.18.5-Local-File-Inclusion.html
title	Vanilla Forums 2.0.18.5 Local File Inclusion

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:83010
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-83010
title	Vanilla Forums 2.0 - 2.0.18.5 (class.utilitycontroller.php) - PHP Object Injection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

Seebug

References