Lucene search
MitreCVE-2014-2022HistoryOct 15, 2014 - 2:55 p.m.
CVE-2014-2022
2014-10-1514:55:05
CWE-89
mitre
web.nvd.nist.gov
40
cve-2014-2022
sql injection
vbulletin
nvd
security vulnerability
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
AI Score
9.5
Confidence
High
EPSS
0.001
Percentile
38.6%
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
Affected configurations
Node
vbulletinvbulletinRange≤4.2.2
ORvbulletinvbulletinMatch4.2.0pl2
ORvbulletinvbulletinMatch4.2.1
Related
prion
prion
Sql injection
2014-10-15 14:55:00
nvd
nvd
CVE-2014-2022
2014-10-15 14:55:05
cvelist
cvelist
CVE-2014-2022
2014-10-15 14:00:00
exploitpack
exploitpack
vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection
2014-10-12 00:00:00
exploitdb
exploitdb
vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection
2014-10-12 00:00:00
packetstorm
packetstorm
vBulletin 4.x SQL Injection
2014-10-13 00:00:00
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
AI Score
9.5
Confidence
High
EPSS
0.001
Percentile
38.6%
Related for CVE-2014-2022