Description
An SQL injection vulnerability affects vBulletin 5.6.1 and earlier versions. It is located in the vBulletin endpoint /ajax/api/content_infraction/getIndexableContent and can be exploited via the POST parameter nodeId[nodeid].
Patches are available for the following versions of vBulletin Connect:
- 5.6.1 Patch Level 1
- 5.6.0 Patch Level 1
- 5.5.6 Patch Level 1
If you are using a version of vBulletin 5 Connect prior to 5.5.6, it is imperative that you upgrade as soon as possible.
Remediation
Upgrade to the latest version of vBulletin 5.
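To check whether the affected endpoint was being requested before the upgrade, the following added example (not vBulletin or vendor code) triages web log lines for POSTs to it and inspects the nodeId[nodeid] value. It assumes a log layout that appends the raw POST body as a final quoted field and that legitimate node IDs are plain decimal integers; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/ajax/api/content_infraction/getIndexableContent"
PARAM = "nodeId[nodeid]"

# Assumed layout: combined-log fields, then the raw POST body in a last
# quoted field ("-" when the body was not captured).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<body>[^"]*)"$'
)

def classify(line):
    """Return (client_ip, verdict) for POSTs to the endpoint, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    if urlsplit(m["target"]).path.rstrip("/") != ENDPOINT:
        return None
    params = dict(parse_qsl(m["body"], keep_blank_values=True))
    value = params.get(PARAM)
    if value is None:
        return m["ip"], "review"      # endpoint hit, parameter not logged
    if re.fullmatch(r"[0-9]+", value):
        return m["ip"], "numeric"     # assumption: node IDs are integers
    return m["ip"], "suspicious"      # non-numeric value sent to the endpoint

def triage(lines):
    """Classify every line and keep only hits on the affected endpoint."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, made-up timestamps).
_TS = "[01/Jan/2021:10:00:00 +0000]"
_REQ = f'"POST {ENDPOINT} HTTP/1.1"'
SAMPLE = [
    f'192.0.2.10 - - {_TS} {_REQ} 200 512 "nodeId%5Bnodeid%5D=42"',
    f'198.51.100.7 - - {_TS} {_REQ} 200 2048 "nodeId%5Bnodeid%5D=1+OR+1%3D1"',
    f'203.0.113.5 - - {_TS} {_REQ} 200 90 "-"',
    f'192.0.2.10 - - {_TS} "GET /forum/ HTTP/1.1" 200 1000 "-"',
]

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE):
        print(ip, verdict)
```

A "review" verdict means the endpoint was requested but the body was not logged, so those requests need correlation with WAF or application logs.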