VYPR
Medium severity6.5OSV Advisory· Published Sep 3, 2018· Updated Jun 17, 2026

CVE-2018-16410

CVE-2018-16410

Description

Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.