CVE-2017-14652

Name of the Vulnerable Software and Affected Versions Tapatalk plugin for MyBB versions prior to 4.5.8

Description The issue allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. This is due to a SQL Injection vulnerability in the mobiquo/lib/classTTForum.php file.

Recommendations For Tapatalk plugin for MyBB versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the user registration process to minimize the risk of exploitation.