SQL Injection in Vanillaforums Vanilla
CVE-2013-3527
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
Vulnerability class: SQL Injection
EPSS: 0.036 (88.1th percentile) — read the EPSS interpretation.
Affected products
- Vanillaforums Vanilla — versions 2.0.1, 2.0.2, 2.0.3
- N/a — versions n/a
Weakness classification (CWE)
References
- 52825 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 20130405 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable (mailing-list, Exploit, x_refsource_BUGTRAQ)
- 92109 (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20130407 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable (mailing-list, Exploit, x_refsource_FULLDISC)
- 92110 (x_refsource_OSVDB, vdb-entry)
- vanillaforums-multiple-sql-injection(83289) (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_MISC)