High severity7.2OSV Advisory· Published Nov 23, 2018· Updated Jun 17, 2026
CVE-2018-19499
CVE-2018-19499
Description
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
Affected products
2Vanilla_2.5, Vanilla_2.5.1, Vanilla_2.5.3, …+ 1 more
- (no CPE)range: Vanilla_2.5, Vanilla_2.5.1, Vanilla_2.5.3, …
- (no CPE)range: <2.5.5, <2.6.2
Patches
Vulnerability mechanics
References
1- hackerone.com/reports/407552nvdThird Party Advisory
News mentions
0No linked articles in our index yet.