vendor:
Tapatalk
by:
tintinweb 0x721427D8
9,3
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: Tapatalk
Affected Version From: 5.2.1
Affected Version To: 5.2.1
Patch Exists: YES
Related CWE: N/A
CPE: a:tapatalk:tapatalk
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: All
2013
Tapatalk <= 5.2.1 Remote Code Execution
Tapatalk <= 5.2.1 is vulnerable to a Remote Code Execution vulnerability. An attacker can craft a malicious XML-RPC request to the mobiquo.php file, which will allow them to execute arbitrary code on the server. This exploit was discovered by tintinweb 0x721427D8.
Mitigation:
Upgrade to Tapatalk version 5.2.2 or later.
