SQL Injection Vulnerability in vBulletin 4.2.2 and Earlier Versions

SQL Injection Vulnerability in vBulletin 4.2.2 and Earlier Versions

CVE-2014-2022 · HIGH Severity

AV:N/AC:H/AU:S/C:C/I:C/A:C

SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.

Learn more about our Api Penetration Testing.