CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14652

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0450%
EPSS Percentile37.93th
PublishedSep 21, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.

Affected Platforms (CPE)

πŸ“¦
Tapatalk

Tapatalk

<= 4.5.7

References & Advisories

πŸ”— http://adrianhayter.com/exploits.php
πŸ”— https://www.tapatalk.com/groups/tapatalksupport/tapatalk-for-mybb-plugin-release-announcement-and--t5877-s50.html#p187116
πŸ”— http://adrianhayter.com/exploits.php
πŸ”— https://www.tapatalk.com/groups/tapatalksupport/tapatalk-for-mybb-plugin-release-announcement-and--t5877-s50.html#p187116

Related Vulnerabilities

CVE-2014-20239.8

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote a...

CVE-2014-88705.8

Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab...

CVE-2014-56805.4

The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-66495.4

The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application 3.9.22 for Android does not verify X.509 certificates fr...