Description

vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 are vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements that control a web application's database server.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2

Related Vulnerabilities

WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32)

WordPress Plugin Top 10-Popular posts for WordPress SQL Injection (2.4.3)

WordPress Plugin FireStorm Professional Real Estate 'id' Parameter SQL Injection (2.06.03)

WordPress Plugin WP Symposium SQL Injection (15.1)

WordPress Plugin Dbox 3D Slider Lite SQL Injection (1.2.2)

Severity

High

Classification

CVE-2014-5102 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection