Vanilla Forums < 2.3 - Remote Code Execution Vulnerability
by CIRT Team
Description: Vanilla Forums software (including the latest stable version, 2.3, in its default configuration) is affected by a Host Header Injection vulnerability (CVE-2016-10073) which can be exploited by unauthenticated remote attackers to potentially intercept the password reset hash and gain unauthorized access to the victim's account, or to perform web-cache poisoning attacks.
Impact: With victim user interaction, an attacker could potentially intercept the password reset hash. This vulnerability may also lead to web-cache poisoning if the Host header is used to form links in web responses. See references for more details on this vector.
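The root cause described above is an application that copies the client-supplied Host header into absolute links it generates, so a reset e-mail can end up pointing at a hostname the attacker controls. The following Python is an added illustration, not code from Vanilla Forums, showing the weak pattern next to a hardened one that validates Host against a deployment allowlist and builds links from a configured canonical base URL, plus a small log check a defender can use to spot requests carrying unexpected Host values. The hostnames, the `/entry/passwordreset` path, the `host="..."` log field and the sample log lines are all constructed for the example.

```python
"""Added example (not Vanilla Forums code): Host-header-derived reset links,
a hardened alternative, and a simple detection check over access logs.
Hostnames, paths and log lines below are constructed for illustration."""
import re
from typing import Dict, Iterable, List, Optional

# Hypothetical deployment configuration: the only hostnames this site serves.
ALLOWED_HOSTS = {"forum.example.com"}
# Links in outbound mail are built from this, never from the request.
CANONICAL_BASE = "https://forum.example.com"

# Accepts "name", "name:port", "[v6addr]" or "[v6addr]:port"; nothing else.
_HOST_RE = re.compile(
    r"^(?P<name>[a-z0-9.-]+|\[[0-9a-f:.]+\])(?::(?P<port>\d{1,5}))?$", re.I
)


def _hostname(host_header: str) -> Optional[str]:
    """Return the lowercase hostname part of a Host header, or None if malformed."""
    m = _HOST_RE.match(host_header.strip())
    return m.group("name").lower() if m else None


def reset_link_unsafe(headers: Dict[str, str], token: str) -> str:
    """The weak pattern: whatever Host the client sent becomes the link's origin."""
    return f"https://{headers.get('Host', '')}/entry/passwordreset?token={token}"


def reset_link_hardened(headers: Dict[str, str], token: str) -> str:
    """Reject requests whose Host is not on the allowlist, then build the link
    from the configured canonical base so the request can never influence it."""
    name = _hostname(headers.get("Host", ""))
    if name is None or name not in ALLOWED_HOSTS:
        raise ValueError(f"rejected Host header: {headers.get('Host')!r}")
    return f"{CANONICAL_BASE}/entry/passwordreset?token={token}"


def suspicious_host_requests(log_lines: Iterable[str]) -> List[str]:
    """Detection helper: return access-log lines whose logged Host value is
    malformed or not on the allowlist (assumes a host="..." field is logged)."""
    flagged = []
    for line in log_lines:
        m = re.search(r'host="([^"]*)"', line)
        if m and _hostname(m.group(1)) not in ALLOWED_HOSTS:
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    spoofed = {"Host": "attacker.example.net"}
    print("unsafe  :", reset_link_unsafe(spoofed, "TOKEN"))
    print("hardened:", reset_link_hardened({"Host": "forum.example.com:443"}, "TOKEN"))
    try:
        reset_link_hardened(spoofed, "TOKEN")
    except ValueError as exc:
        print("hardened:", exc)
```

The allowlist check belongs at the web-server or framework layer for every request, not only on the password-reset path, because any page that echoes Host into a link is a cache-poisoning candidate; the canonical base URL is what makes the reset link independent of the request even if that check is ever bypassed.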
Mitigation: Updates are available. Please see the references for more information.
26 Oct 2023 - Security Advisories & Alerts