An SQL injection vulnerability affects vBulletin 5.6.1 and earlier versions. The SQL injection vulnerability affects the vBulletin endpoint /ajax/api/content_infraction/getIndexableContent and can be exploited via the POST parameter nodeId[nodeid].
The following patches are available for the following versions of vBulletin Connect:
- 5.6.1 Patch Level 1
- 5.6.0 Patch Level 1
- 5.5.6 Patch Level 1
If you are using a version of vBulletin 5 Connect prior to 5.5.6, it is imperative that you upgrade as soon as possible.
Upgrade to the latest version of vBulletin 5.