CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-14652

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0450%
EPSS Percentile37.93th
Published2017年9月21日
Last Modified2026年5月13日

Vulnerability Description

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.

Affected Platforms (CPE)

📦
Tapatalk

Tapatalk

<= 4.5.7

References & Advisories

🔗 http://adrianhayter.com/exploits.php
🔗 https://www.tapatalk.com/groups/tapatalksupport/tapatalk-for-mybb-plugin-release-announcement-and--t5877-s50.html#p187116
🔗 http://adrianhayter.com/exploits.php
🔗 https://www.tapatalk.com/groups/tapatalksupport/tapatalk-for-mybb-plugin-release-announcement-and--t5877-s50.html#p187116

関連する脆弱性情報

CVE-2014-20239.8

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote a...

CVE-2014-88705.8

Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab...

CVE-2014-56805.4

The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-66495.4

The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application 3.9.22 for Android does not verify X.509 certificates fr...