CVE-2017-14652

Опубликовано: 21 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.

Ссылки

http://adrianhayter.com/exploits.php
Exploit
Third Party Advisory
https://www.tapatalk.com/groups/tapatalksupport/tapatalk-for-mybb-plugin-release-announcement-and--t5877-s50.html#p187116
Vendor Advisory
http://adrianhayter.com/exploits.php
Exploit
Third Party Advisory
https://www.tapatalk.com/groups/tapatalksupport/tapatalk-for-mybb-plugin-release-announcement-and--t5877-s50.html#p187116
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tapatalk:tapatalk:*:*:*:*:*:mybb:*:*

Версия до 4.5.7 (включая)

EPSS

Процентиль: 80%

0.01398

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-qj97-4j39-w47x