Description
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
References
- https://nvd.nist.gov/vuln/detail/CVE-2013-3527
- https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83289
- http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html
- http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable
- http://osvdb.org/92109
- http://osvdb.org/92110
- http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html
- http://seclists.org/fulldisclosure/2013/Apr/57
- http://secunia.com/advisories/52825
- http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7
- http://www.exploit-db.com/exploits/24927
- http://www.securityfocus.com/bid/58922
Related vulnerabilities
nvd
more than 12 years ago
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.