CVE-2014-2022

2014-10-1514:55:05

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

38.6%

JSON

SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.

Affected configurations

Nvd

Node

vbulletinvbulletinRange≤4.2.2

vbulletinvbulletinMatch4.2.0pl2

vbulletinvbulletinMatch4.2.1

VendorProductVersionCPE
vbulletinvbulletin*cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
vbulletinvbulletin4.2.0cpe:2.3:a:vbulletin:vbulletin:4.2.0:pl2:*:*:*:*:*:*
vbulletinvbulletin4.2.1cpe:2.3:a:vbulletin:vbulletin:4.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vbulletin	vbulletin	*	cpe:2.3:a:vbulletin:vbulletin::::::::
vbulletin	vbulletin	4.2.0	cpe:2.3:a:vbulletin:vbulletin:4.2.0:pl2::::::
vbulletin	vbulletin	4.2.1	cpe:2.3:a:vbulletin:vbulletin:4.2.1:::::::*