SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
References
Link | Resource |
---|---|
http://adrianhayter.com/exploits.php | Exploit Third Party Advisory |
https://www.tapatalk.com/groups/tapatalksupport/tapatalk-for-mybb-plugin-release-announcement-and--t5877-s50.html#p187116 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2017-09-21 20:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-14652
Mitre link : CVE-2017-14652
CVE.ORG link : CVE-2017-14652
JSON object : View
Products Affected
tapatalk
- tapatalk
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')