Description

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.

Remediation

References

CVE-2013-3527

Related Vulnerabilities

WordPress Plugin SE HTML5 Album Audio Player Directory Traversal (1.1.0)

WordPress Plugin Billplz for WooCommerce Unspecified Vulnerability (3.10)

WordPress Plugin Quick Contact Form Multiple Vulnerabilities (8.0.3.1)

Oracle Database Server CVE-2018-3259 Vulnerability (CVE-2018-3259)

Claroline Other Vulnerability (CVE-2006-0411)

Severity

High

Classification

CVE-2013-3527 CWE-138

Tags

Missing Update Known Vulnerabilities