CVE-2018-6200
https://notcve.org/view.php?id=CVE-2018-6200
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. vBulletin 3.x.x y 4.2.x hasta la versión 4.2.5 tiene una redirección abierta medinte el parámetro url en redirector.php. • https://cxsecurity.com/issue/WLB-2018010251 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2014-9463 – vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection
https://notcve.org/view.php?id=CVE-2014-9463
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. functions_vbseo_hook.php en el módulo VBSEO para vBulletin permite que usuarios autenticados remotos ejecuten código arbitrario mediante la cabecera HTTP Referer a visitormessage.php. • https://www.exploit-db.com/exploits/36232 https://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2017-7569
https://notcve.org/view.php?id=CVE-2017-7569
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. En vBulletin en versiones anteriores a 5.3.0, atacantes remotos pueden pasar por alto el parche CVE-2016-6483 y realizar ataques SSRF aprovechando el comportamiento de la función parse_url de PHP, también conocido como VBV-17037. • https://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4367744-vbulletin-5-3-0-connect-is-now-available • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2016-6195 – vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection
https://notcve.org/view.php?id=CVE-2016-6195
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. Vulnerabilidad de inyección SQL en forumrunner/includes/moderation.php en vBulletin en versiones anteriores a 4.2.2 Patch Level 5 y 4.2.3 en versiones anteriores a Patch Level 1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro postids a forumrunner/request.php, según se ha explotado activamente en Julio de 2016. • https://www.exploit-db.com/exploits/40751 http://www.securityfocus.com/bid/92687 http://www.vbulletin.org/forum/showthread.php?t=322848 https://enumerated.wordpress.com/2016/07/11/1 https://github.com/drewlong/vbully • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-2022 – vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection
https://notcve.org/view.php?id=CVE-2014-2022
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. Vulnerabilidad de inyección SQL en includes/api/4/breadcrumbs_create.php en vButellin 4.2.2, 4.2.1, 4.2.0 PL2, y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del argumento conceptid en una petición API a xmlrpc. vBulletin version 4.x suffers from a remote SQL injection vulnerability via the xmlrpc API. • https://www.exploit-db.com/exploits/40115 http://packetstormsecurity.com/files/128696/vBulletin-4.x-SQL-Injection.html http://seclists.org/fulldisclosure/2014/Oct/56 http://www.securityfocus.com/bid/70417 http://www.securitytracker.com/id/1031001 https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •