Description
An SQL injection vulnerability affects vBulletin 5.6.1 and earlier versions. The SQL injection vulnerability affects the vBulletin endpoint /ajax/api/content_infraction/getIndexableContent and can be exploited via the POST parameter nodeId[nodeid].
The following patches are available for the following versions of vBulletin Connect:
- 5.6.1 Patch Level 1
- 5.6.0 Patch Level 1
- 5.5.6 Patch Level 1
If you are using a version of vBulletin 5 Connect prior to 5.5.6, it is imperative that you upgrade as soon as possible.
Remediation
Upgrade to the latest version of vBulletin 5.
References
Related Vulnerabilities
WordPress Plugin Poll, Survey, Questionnaire and Voting system SQL Injection (1.2.4)
WordPress Plugin WordPress for Google Maps-WP MAPS SQL Injection (4.1.4)
WordPress Plugin WP Review Slider SQL Injection (10.9)
WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (8.1)
WordPress Plugin Advertizer 'id' Parameter SQL Injection (1.0)