CVE-2014-125086 MEDIUM

CVE-2014-125086: Gimmie Plugin trigger_login.php sql injection

Vendor N/A
Product Gimmie Plugin
Weakness CWE-89 · SQLi
Published February 6, 2023
Last update March 25, 2025

CVSS base score

5.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is named fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207.

Key dates

02Disclosure timeline

February 6, 2023 CVE published
March 25, 2025 Record updated