Description

vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 are vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements that control a web application's database server.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2

Related Vulnerabilities

WordPress Plugin Super Interactive Maps for WordPress SQL Injection (2.1)

WordPress Plugin Paid Downloads 'download_key' Parameter SQL Injection (2.01)

WordPress Plugin SpiderCatalog Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.4.6)

WordPress Plugin WP DS FAQ 'ajax.php' SQL Injection (1.3.2)

WordPress Plugin Z-Vote 'zvote' Parameter SQL Injection (1.1)

Severity

High

Classification

CVE-2014-5102 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Tags

SQL Injection