Description

vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 are vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements that control a web application's database server.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2

Related Vulnerabilities

PHP object deserialization of user-supplied data

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (4.1.7)

WordPress Plugin Safe Redirect Manager SQL Injection (1.7.7)

Joomla! Core 1.5.x Multiple SQL Injection Vulnerabilities (1.5.0 - 1.5.21)

WordPress Plugin WP-Polls SQL Injection (2.71)

Severity

High

Classification

CVE-2014-5102 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection