7.5
CVE-2013-3527
- EPSS 3.51%
- Published 10.05.2013 21:55:02
- Last modified 29.04.2026 01:13:23
- Source cve@mitre.org
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
Data provided by the National Vulnerability Database (NVD)
Vanillaforums ≫ Vanilla Version <= 2.0.18.7
Vanillaforums ≫ Vanilla Version 2.0.1
Vanillaforums ≫ Vanilla Version 2.0.2
Vanillaforums ≫ Vanilla Version 2.0.3
Vanillaforums ≫ Vanilla Version 2.0.4
Vanillaforums ≫ Vanilla Version 2.0.5
Vanillaforums ≫ Vanilla Version 2.0.6
Vanillaforums ≫ Vanilla Version 2.0.7
Vanillaforums ≫ Vanilla Version 2.0.8
Vanillaforums ≫ Vanilla Version 2.0.9
Vanillaforums ≫ Vanilla Version 2.0.10
Vanillaforums ≫ Vanilla Version 2.0.11
Vanillaforums ≫ Vanilla Version 2.0.12
Vanillaforums ≫ Vanilla Version 2.0.13
Vanillaforums ≫ Vanilla Version 2.0.14
Vanillaforums ≫ Vanilla Version 2.0.15
Vanillaforums ≫ Vanilla Version 2.0.16
Vanillaforums ≫ Vanilla Version 2.0.16.1
Vanillaforums ≫ Vanilla Version 2.0.17
Vanillaforums ≫ Vanilla Version 2.0.17.1
Vanillaforums ≫ Vanilla Version 2.0.17.2
Vanillaforums ≫ Vanilla Version 2.0.17.3
Vanillaforums ≫ Vanilla Version 2.0.17.4
Vanillaforums ≫ Vanilla Version 2.0.17.5
Vanillaforums ≫ Vanilla Version 2.0.17.6
Vanillaforums ≫ Vanilla Version 2.0.17.7
Vanillaforums ≫ Vanilla Version 2.0.17.8
Vanillaforums ≫ Vanilla Version 2.0.17.9
Vanillaforums ≫ Vanilla Version 2.0.17.10
Vanillaforums ≫ Vanilla Version 2.0.18
Vanillaforums ≫ Vanilla Version 2.0.18 Update alpha3
Vanillaforums ≫ Vanilla Version 2.0.18 Update beta1
Vanillaforums ≫ Vanilla Version 2.0.18 Update beta2
Vanillaforums ≫ Vanilla Version 2.0.18 Update beta4
Vanillaforums ≫ Vanilla Version 2.0.18 Update rc1
Vanillaforums ≫ Vanilla Version 2.0.18 Update rc2
Vanillaforums ≫ Vanilla Version 2.0.18 Update rc3
Vanillaforums ≫ Vanilla Version 2.0.18.1
Vanillaforums ≫ Vanilla Version 2.0.18.3
Vanillaforums ≫ Vanilla Version 2.0.18.4
Vanillaforums ≫ Vanilla Version 2.0.18.5
Vanillaforums ≫ Vanilla Version 2.0.18.6
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.51% | 0.877 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html
http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/
http://osvdb.org/92109
http://osvdb.org/92110
http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html
http://seclists.org/fulldisclosure/2013/Apr/57
http://secunia.com/advisories/52825
http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7
http://www.exploit-db.com/exploits/24927
http://www.securityfocus.com/bid/58922
https://exchange.xforce.ibmcloud.com/vulnerabilities/83289
https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d