Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2013-3527 - Vulnerability Database
Vanilla Forums

Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2013-3527

High
Reference: CVE-2013-3527
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-3527
Title: Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.