Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tapatalk | tapatalk | 5.1.0 |
| tapatalk | tapatalk | 1.1.2 |
| tapatalk | tapatalk | 3.1.5 |
| tapatalk | tapatalk | 1.1.1 |
| tapatalk | tapatalk | 5.0.0 |
| tapatalk | tapatalk | 3.1.3 |
| tapatalk | tapatalk | 1.2.3 |
| tapatalk | tapatalk | 3.9.0 |
| tapatalk | tapatalk | 4.5.1 |
| tapatalk | tapatalk | 4.1.0 |
| tapatalk | tapatalk | 4.9.0 |
| tapatalk | tapatalk | 4.3.1 |
| tapatalk | tapatalk | 3.2.0 |
| tapatalk | tapatalk | 4.6.0 |
| tapatalk | tapatalk | 4.2.0 |
| tapatalk | tapatalk | 4.4.0 |
| tapatalk | tapatalk | 4.7.0 |
| tapatalk | tapatalk | 4.7.2 |
| tapatalk | tapatalk | 4.8.0 |
| tapatalk | tapatalk | 1.0.0 |
| tapatalk | tapatalk | 1.2.6 |
| tapatalk | tapatalk | 5.1.3 |
| tapatalk | tapatalk | 5.2.1 |
| tapatalk | tapatalk | 3.9.3 |
| tapatalk | tapatalk | 3.9.1 |
| tapatalk | tapatalk | 4.8.1 |
| tapatalk | tapatalk | 4.0.0 |
| tapatalk | tapatalk | 5.0.1 |
| tapatalk | tapatalk | 4.3.0 |
| tapatalk | tapatalk | 3.1.4 |
| tapatalk | tapatalk | 4.5.2 |
| tapatalk | tapatalk | 4.7.1 |
| tapatalk | tapatalk | 1.2.0 |
| tapatalk | tapatalk | 5.1.2 |
| tapatalk | tapatalk | 3.1.2 |
| tapatalk | tapatalk | 1.2.1 |
| tapatalk | tapatalk | 1.1.0 |
| tapatalk | tapatalk | 5.2.0 |
| tapatalk | tapatalk | 1.0.2 |
| tapatalk | tapatalk | 3.9.2 |
| tapatalk | tapatalk | 5.1.1 |
| tapatalk | tapatalk | 4.2.1 |
| tapatalk | tapatalk | 2.0 |
| tapatalk | tapatalk | 4.5.0 |
| tapatalk | tapatalk | 1.0.1 |
The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tapatalk | tapatalk | 4.8.0 |
Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tapatalk | tapatalk | 1.1.0 |
| tapatalk | tapatalk | 1.0.2 |
| tapatalk | tapatalk | 1.1.1 |
| tapatalk | tapatalk | 1.0.0 |
| tapatalk | tapatalk | 1.0.1 |
Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tapatalk | tapatalk | 1.1.0 |
| tapatalk | tapatalk | 1.0.2 |
| tapatalk | tapatalk | 1.1.1 |
| tapatalk | tapatalk | 1.0.0 |
| tapatalk | tapatalk | 1.0.1 |
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tapatalk | tapatalk | * |