Description

vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.

Remediation

Upgrade to the latest version of vBulletin.

References

vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

vBulletin 4.x SQL Injection Vulnerability

vBulletin 4.X Security Patch

Related Vulnerabilities

WordPress Plugin WP Statistics Multiple Vulnerabilities (13.1.5)

MongoDB $where operator JavaScript injection

WordPress Plugin PICA Photo Gallery SQL Injection (1.0)

WordPress Plugin Zero Spam SQL Injection (2.1.2)

WordPress Plugin Comic Book Management System SQL Injection (2.1.0)

Severity

High

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Tags

Known Vulnerabilities SQL Injection