[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-3527Date: (C)2013-05-11   (M)2023-12-22


Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html
http://seclists.org/fulldisclosure/2013/Apr/57
EXPLOIT-DB-24927
SECUNIA-52825
BID-58922
OSVDB-92109
OSVDB-92110
http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/
http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html
http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7
https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d
vanillaforums-multiple-sql-injection(83289)

CWE    1
CWE-89

© SecPod Technologies