Vanilla Forums Multiple SQL Injection Vulnerabilities

Bugtraq ID:	58922
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 05 2013 12:00AM
Updated:	Apr 05 2013 12:00AM
Credit:	Michael Schratt
Vulnerable:	Vanilla Forums Vanilla 2.0.18.4
Not Vulnerable:

Vanilla Forums Multiple SQL Injection Vulnerabilities

Vanilla Forums is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using in an SQL query.

Exploiting these issues allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Vanilla Forums 2.0.18.4 and prior versions are vulnerable.

Vanilla Forums Multiple SQL Injection Vulnerabilities

An attacker can use a browser to exploit these issues.

The following example code is available:

• /data/vulnerabilities/exploits/58922.txt

Vanilla Forums Multiple SQL Injection Vulnerabilities

Solution:
Vendor updates are available. Please see the references for more information.

Vanilla Forums Multiple SQL Injection Vulnerabilities

References:

• Vanilla Forums Homepage (Vanilla Forums)