Description
An SQL injection vulnerability affects vBulletin 5.6.1 and earlier versions. The SQL injection vulnerability affects the vBulletin endpoint /ajax/api/content_infraction/getIndexableContent and can be exploited via the POST parameter nodeId[nodeid].
The following patches are available for the following versions of vBulletin Connect:
- 5.6.1 Patch Level 1
- 5.6.0 Patch Level 1
- 5.5.6 Patch Level 1
If you are using a version of vBulletin 5 Connect prior to 5.5.6, it is imperative that you upgrade as soon as possible.
Remediation
Upgrade to the latest version of vBulletin 5.
References
Related Vulnerabilities
WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability (0.6.2 - 2.0.6)
WordPress Plugin LeagueManager Multiple SQL Injection Vulnerabilities (3.9.1.1)
WordPress Plugin FileBird-WordPress Media Library Folders & File Manager SQL Injection (4.7.3)
WordPress Plugin Live Forms-Visual Form Builder SQL Injection (3.0.1)
WordPress Plugin WP-Download 'dl_id' Parameter SQL Injection (1.2)