XenForo 1.5.x Unauthenticated Remote Code Injection

Posted by Vishal Mishra on Dec 15

XenForo 1.5.x Remote Code Execution Vulnerability

1. ADVISORY INFORMATION
=======================
Product: XenForo
Vendor URL: xenforo.com
Type: Code Injection [CWE-94]
Date found: 2016-12-09
Date published: 2016-12-15
CVSSv3 Score: 9.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C)
CVE: –

2. CREDITS
==========

This vulnerability was discovered and researched by independent security
expert…
