All sites were vulnerable to authenticating as other users or tampering with ciphertexts. Error reporting enables the RCE. However, I still hope that nobody is vulnerable or panicking since this was reported and fixed last year.