Описание
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-2022
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022
- http://packetstormsecurity.com/files/128696/vBulletin-4.x-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Oct/56
- http://www.securityfocus.com/bid/70417
- http://www.securitytracker.com/id/1031001
Связанные уязвимости
nvd
больше 11 лет назад
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.