Description
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
Remediation
References