Unpatched 0-Days in Vanilla Forums Let Remote Attackers Hack Websites

A security researcher has publicly disclosed two critical zero-day vulnerabilities in Vanilla Forums, an open source software that powers discussion on over 500,000 websites, which could allow unauthenticated, remote attackers to fully compromise targeted websites easily. Discovered by Polish security researcher Dawid Golunski of Legal Hackers, two separate unpatched vulnerabilities, a remote

from The Hacker News http://ift.tt/2r0uQhz
via IFTTT