Posted by oststrom (public) on Oct 13

Hash: SHA1

CVE-2014-2022 – vbulletin 4.x – SQLi in breadcrumbs via xmlrpc API
(post-auth)

============================================================================
==

Overview

——–

date : 10/12/2014

cvss : 7.1 (AV:N/AC:H/Au:S/C:C/I:C/A:C) base

cwe : 89

vendor : vBulletin Solutions

product : vBulletin 4

versions affected : latest 4.x (to date); verified <= 4.2.2

*…