Description

vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 are vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements that control a web application's database server.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2

Related Vulnerabilities

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.8)

Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4)

Awesome Filterable Portfolio Multiple SQL Injection Vulnerabilities (1.8.6)

Product Catalog 8 SQL Injection (1.2.0)

AdRotate-Ad manager & AdSense Ads 'adrotate-out.php' SQL Injection (3.6.6)

Severity

High

Classification

CVE-2014-5102 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Tags

SQL Injection