Description

vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 are vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements that control a web application's database server.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2

Related Vulnerabilities

WordPress Plugin UPM Polls 'PID' Parameter SQL Injection (1.0.4)

WordPress Plugin Download Monitor SQL Injection (4.4.4)

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts (Premium) SQL Injection (3.4)

WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.15.727)

WordPress Plugin WP Rss Poster SQL Injection (1.0.0)

Severity

High

Classification

CVE-2014-5102 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection