Directory Traversal and File Inclusion Vulnerability in Vanilla before 2.6.4

CVE-2019-9889 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
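The defensive pattern for this class of bug, as an added example that is not Vanilla's code or its actual fix: a request-supplied type value is checked against an exact allowlist and the resolved path is confirmed to stay inside the intended directory before `require` runs. `CACHE_DIR`, `ALLOWED_TYPES`, `loadIndex()` and the sample file are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: CACHE_DIR, ALLOWED_TYPES and loadIndex()
// are illustrative and are not taken from Vanilla's source.
const CACHE_DIR = __DIR__ . '/cache';
const ALLOWED_TYPES = ['addon', 'theme', 'locale'];

/**
 * Load a cached index file selected by $type.
 * Weak pattern (not used here): require CACHE_DIR . "/$type.php";
 * with $type taken from the request, so path separators in $type decide
 * which file PHP includes.
 */
function loadIndex(string $type): array
{
    // 1. Exact-match allowlist: the value never reaches the filesystem
    //    unless it is one of the known type names.
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('Unknown index type');
    }

    // 2. Defense in depth: resolve symlinks and ".." and confirm the final
    //    path is still inside CACHE_DIR before including it.
    $base = realpath(CACHE_DIR);
    $path = realpath(CACHE_DIR . DIRECTORY_SEPARATOR . $type . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Index file missing or outside cache directory');
    }

    $index = require $path;
    return is_array($index) ? $index : [];
}

// Constructed demo: create one index file, then try a valid and an invalid type.
@mkdir(CACHE_DIR);
file_put_contents(CACHE_DIR . '/addon.php', "<?php return ['dashboard' => '/applications/dashboard'];");

var_dump(loadIndex('addon'));          // array with the constructed entry
try {
    loadIndex('../outside');           // constructed invalid value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```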
