CVE-2013-3527
Vanilla Forums < 2.0.18.8 - SQL Injection via Form/Email Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-3527. PoCs published by bl4ckw0rm.
AI-analyzed exploit summary: This exploit demonstrates SQL injection in Vanilla Forums up to version 2.0.18.4, allowing unauthenticated attackers to insert arbitrary users and dump the user table via crafted HTTP POST requests.
Description
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.