Summary

A vulnerability in XenForo allows a user to trigger RCE via incorrect parsing and handling of user-provided templates. Combined with a separate CSRF vulnerability, this might allow unauthenticated attackers to execute arbitrary code whenever an admin user with permissions to administer styles / widgets visits a specially crafted page / link.

Credit …

SSD Advisory – XenForo RCE via CSRF