Medium severity6.5OSV Advisory· Published Sep 3, 2018· Updated Jun 17, 2026
CVE-2018-16410
CVE-2018-16410
Description
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
Affected products
2- Range: Vanilla_2.6.1, list
- Range: <2.6.1
Patches
Vulnerability mechanics
References
2- open.vanillaforums.com/discussion/36559nvdPatchVendor Advisory
- hackerone.com/reports/353784nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.