CVE-2014-2022
published 2014-10-15

Priority: P3 44 | high 7.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 2.71% (84.1th percentile)

SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 5.11.0 < 5.15.86 | 5.15.86 |
| linux | linux_kernel | >= 5.16.0 < 6.0.16 | 6.0.16 |
| linux | linux_kernel | >= 6.1.0 < 6.1.2 | 6.1.2 |
| vbulletin | vbulletin | <= 4.2.2 | |
| vbulletin | vbulletin | | |
| vbulletin | vbulletin | | |

CVSS provenance

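| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.1 | HIGH | AV:N/AC:H/Au:S/C:C/I:C/A:C |
| cisa | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |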