Vulnerability Description
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tapatalk | Tapatalk | 1.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128854/vBulletin-4.x-Tapatalk-Blind-SQL-Inj (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2014/Oct/57 (Mailing List, Third Party Advisory)
- http://www.exploit-db.com/exploits/35102 (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/70418 (Third Party Advisory, VDB Entry)
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2023 (Third Party Advisory)
FAQ
What is CVE-2014-2023?
CVE-2014-2023 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API re...
How severe is CVE-2014-2023?
CVE-2014-2023 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-2023?
Check the references section above for vendor advisories and patch information. Affected products include: Tapatalk Tapatalk.