Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2014-2023

Published: 26/10/2017 Updated: 15/11/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Tapatalk

Vulnerability Summary

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and previous versions and 5.x up to and including 5.2.1 for vBulletin allow remote malicious users to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.

Vulnerable Product Search on Vulmon Subscribe to Product

tapatalk tapatalk 5.1.2

tapatalk tapatalk 5.1.3

tapatalk tapatalk 5.2.0

tapatalk tapatalk 5.2.1

tapatalk tapatalk 3.9.2

tapatalk tapatalk 3.9.3

tapatalk tapatalk 4.0.0

tapatalk tapatalk 4.1.0

tapatalk tapatalk 1.2.3

tapatalk tapatalk 1.2.6

tapatalk tapatalk 2.0

tapatalk tapatalk 1.0.0

tapatalk tapatalk 1.0.1

tapatalk tapatalk 4.9.0

tapatalk tapatalk 4.8.1

tapatalk tapatalk 4.3.1

tapatalk tapatalk 4.5.0

tapatalk tapatalk 4.5.1

tapatalk tapatalk 4.6.0

tapatalk tapatalk 3.9.0

tapatalk tapatalk 3.9.1

tapatalk tapatalk 3.1.2

tapatalk tapatalk 1.1.0

tapatalk tapatalk 5.0.1

tapatalk tapatalk 5.1.1

tapatalk tapatalk 4.7.0

tapatalk tapatalk 4.7.2

tapatalk tapatalk 4.5.2

tapatalk tapatalk 4.2.1

tapatalk tapatalk 3.1.4

tapatalk tapatalk 3.2.0

tapatalk tapatalk 1.1.1

tapatalk tapatalk 1.2.0

tapatalk tapatalk 1.0.2

tapatalk tapatalk 5.1.0

tapatalk tapatalk 5.0.0

tapatalk tapatalk 4.7.1

tapatalk tapatalk 4.8.0

tapatalk tapatalk 4.2.0

tapatalk tapatalk 4.3.0

tapatalk tapatalk 3.1.3

tapatalk tapatalk 3.1.5

tapatalk tapatalk 1.1.2

tapatalk tapatalk 1.2.1

tapatalk tapatalk 4.4.0

Exploits

Exploit DB: Tapatalk for vBulletin 4.x - Blind SQL Injection
#!/usr/bin/env python # -*- coding: utf-8 -*- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutilsversion import LooseVersion class Exploit(object): def __init__(self, target, debug=0 ): selfstopwatch_start=timetime() selftarget = target self ...
Exploit DB: vBulletin 5.x / 4.x Persistent Cross Site Scripting
vBulletin versions 5x and 4x suffer from a persistent cross site scripting vulnerability ...
Exploit DB: vBulletin 4.x SQL Injection
vBulletin version 4x suffers from a remote SQL injection vulnerability via the xmlrpc API ...

References

CWE-89https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2023http://www.securityfocus.com/bid/70418http://www.exploit-db.com/exploits/35102http://seclists.org/fulldisclosure/2014/Oct/57http://packetstormsecurity.com/files/128854/vBulletin-4.x-Tapatalk-Blind-SQL-Injection.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/35102/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook