Vulnerability CVE-2013-3527

Vulnerability CVE-2013-3527

Published: 2013-05-10 Modified: 2013-05-11

Description:

	Topic	Author	Date
High	Vanilla Forums 2-0-18-4 SQL-Injection / Insert arbitrary user & dump usertable	bl4ckw0rm	11.05.2013

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Affected software
Vanillaforums -> Vanilla forums

https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d

http://xforce.iss.net/xforce/xfdb/83289

http://www.securityfocus.com/bid/58922

http://www.exploit-db.com/exploits/24927

http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7

http://secunia.com/advisories/52825

http://seclists.org/fulldisclosure/2013/Apr/57

http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html

http://osvdb.org/92110

http://osvdb.org/92109

http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/

http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html