Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Vanilla Forums Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2019-9889 - Vulnerability Database
Vanilla Forums

Vanilla Forums Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2019-9889

Low
Reference: CVE-2019-9889
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9889
Title: Vanilla Forums Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

In Vanilla before 2.6.4 a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.