Lucene search

[email protected]CVE-2013-3527

HistoryMay 10, 2013 - 9:55 p.m.

CVE-2013-3527

2013-05-1021:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-3527

sql injection

security vulnerability

vanilla forums

remote attack

nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.2%

JSON

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.

CPENameOperatorVersion
vanillaforums:vanillavanillaforums vanillaeq2.0.16
vanillaforums:vanillavanillaforums vanillaeq2.0.1
vanillaforums:vanillavanillaforums vanillaeq2.0.2
vanillaforums:vanillavanillaforums vanillaeq2.0.3
vanillaforums:vanillavanillaforums vanillaeq2.0.4
vanillaforums:vanillavanillaforums vanillaeq2.0.5
vanillaforums:vanillavanillaforums vanillaeq2.0.6
vanillaforums:vanillavanillaforums vanillaeq2.0.7
vanillaforums:vanillavanillaforums vanillaeq2.0.8
vanillaforums:vanillavanillaforums vanillaeq2.0.9

CPE	Name	Operator	Version
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.16
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.1
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.2
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.3
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.4
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.5
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.6
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.7
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.8
vanillaforums:vanilla	vanillaforums vanilla	eq	2.0.9

Rows per page:

1-10 of 351

References

archives.neohapsis.com/archives/bugtraq/2013-04/0068.html

mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/

osvdb.org/92109

osvdb.org/92110

packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html

seclists.org/fulldisclosure/2013/Apr/57

secunia.com/advisories/52825

vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7

www.exploit-db.com/exploits/24927

www.securityfocus.com/bid/58922

exchange.xforce.ibmcloud.com/vulnerabilities/83289

github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.2%

JSON

Related for CVE-2013-3527

prion1 cvelist1 checkpoint_advisories1 zdt1