CVE-2014-2023

Name of the Vulnerable Software and Affected Versions: vBulletin Tapatalk plugin versions 4.9.0 and earlier vBulletin Tapatalk plugin versions 5.x through 5.2.1

Description: The issue allows remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to specific endpoints, including "unsubscribe forum.php" and "unsubscribe topic.php" in mobiquo/functions/.

Recommendations: For versions 4.9.0 and earlier, update to a version later than 4.9.0. For versions 5.x through 5.2.1, update to a version later than 5.2.1. As a temporary workaround, consider restricting access to the "unsubscribe forum.php" and "unsubscribe topic.php" endpoints in mobiquo/functions/ until a patch is available.