Description
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
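The general defence for a request-controlled value that ends up in a `require` path, shown as an added PHP example; it is not Vanilla's code or the vendor's patch. The function `resolveIndexFile`, the `ALLOWED_TYPES` set and the cache-directory layout are hypothetical, and the demo input is constructed.

```php
<?php
// Added illustration. All names here are hypothetical, not taken from Vanilla.

const ALLOWED_TYPES = ['addon', 'theme', 'locale']; // assumed set of index types

/**
 * Map an index type to its file inside $cacheDir.
 * Throws if the type is not allowlisted or the path resolves outside $cacheDir.
 */
function resolveIndexFile(string $cacheDir, string $type): string
{
    // 1. Exact allowlist match: separators, "..", and absolute paths never pass.
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('unknown index type');
    }

    // 2. Defence in depth: canonicalise, then confirm the file is under the base.
    $base = realpath($cacheDir);
    if ($base === false) {
        throw new RuntimeException('cache directory missing');
    }
    $file = realpath($base . DIRECTORY_SEPARATOR . $type . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($file === false || strncmp($file, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('index file missing or outside cache directory');
    }
    return $file;
}

// Constructed demo: a temporary cache directory holding one index file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'idx_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'addon.php', "<?php return ['example' => true];");

foreach (['addon', '../outside', 'theme'] as $type) {
    try {
        $index = require resolveIndexFile($dir, $type); // path is validated before require
        echo "$type: loaded ", count($index), " entry\n";
    } catch (Throwable $e) {
        echo "$type: rejected (", $e->getMessage(), ")\n";
    }
}

unlink($dir . DIRECTORY_SEPARATOR . 'addon.php');
rmdir($dir);
```

Only `addon` loads here: `../outside` fails the allowlist, and `theme` passes the allowlist but has no file in the constructed directory, so the containment check rejects it.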
Remediation
References