An SQL injection vulnerability affects vBulletin 5.6.1 and earlier versions. The SQL injection vulnerability affects the vBulletin endpoint /ajax/api/content_infraction/getIndexableContent and can be exploited via the POST parameter nodeId[nodeid].

The following patches are available for the following versions of vBulletin Connect:

  • 5.6.1 Patch Level 1
  • 5.6.0 Patch Level 1
  • 5.5.6 Patch Level 1

If you are using a version of vBulletin 5 Connect prior to 5.5.6, it is imperative that you upgrade as soon as possible.


Upgrade to the latest version of vBulletin 5.


Related Vulnerabilities