CVE-2013-3527

Vanilla Forums < 2.0.18.8 - SQL Injection via Form/Email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3527. PoCs published by bl4ckw0rm.

AI-analyzed exploit summary: This exploit demonstrates SQL injection in Vanilla Forums up to version 2.0.18.4, allowing unauthenticated attackers to insert arbitrary users and dump the user table via crafted HTTP POST requests.

Description

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.

Exploits (1)

exploitdb WORKING POC
by bl4ckw0rm · text · webapps · php
https://www.exploit-db.com/exploits/24927

Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Vanilla Forums vanilla-core-2-0-18-4
No auth needed
Prerequisites: Network access to the target Vanilla Forums instance · Knowledge of the encryption algorithm used for passwords
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52825
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/92109
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Apr/57
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/92110
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83289
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58922
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24927

Scores

EPSS 0.0351
EPSS Percentile 87.7%

Details

CWE: CWE-89
Status: published
Products (35)
vanillaforums/vanilla 2.0.1
vanillaforums/vanilla 2.0.2
vanillaforums/vanilla 2.0.3
vanillaforums/vanilla 2.0.4
vanillaforums/vanilla 2.0.5
vanillaforums/vanilla 2.0.6
vanillaforums/vanilla 2.0.7
vanillaforums/vanilla 2.0.8
vanillaforums/vanilla 2.0.9
vanillaforums/vanilla 2.0.10
... and 25 more
Published May 10, 2013
Tracked Since Feb 18, 2026