CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-6200
https://notcve.org/view.php?id=CVE-2018-6200
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. vBulletin 3.x.x y 4.2.x hasta la versión 4.2.5 tiene una redirección abierta medinte el parámetro url en redirector.php. • https://cxsecurity.com/issue/WLB-2018010251 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 2CVE-2014-9463 – vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection
https://notcve.org/view.php?id=CVE-2014-9463
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. functions_vbseo_hook.php en el módulo VBSEO para vBulletin permite que usuarios autenticados remotos ejecuten código arbitrario mediante la cabecera HTTP Referer a visitormessage.php. • https://www.exploit-db.com/exploits/36232 https://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7569
https://notcve.org/view.php?id=CVE-2017-7569
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. En vBulletin en versiones anteriores a 5.3.0, atacantes remotos pueden pasar por alto el parche CVE-2016-6483 y realizar ataques SSRF aprovechando el comportamiento de la función parse_url de PHP, también conocido como VBV-17037. • https://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4367744-vbulletin-5-3-0-connect-is-now-available • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-6195 – vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection
https://notcve.org/view.php?id=CVE-2016-6195
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. Vulnerabilidad de inyección SQL en forumrunner/includes/moderation.php en vBulletin en versiones anteriores a 4.2.2 Patch Level 5 y 4.2.3 en versiones anteriores a Patch Level 1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro postids a forumrunner/request.php, según se ha explotado activamente en Julio de 2016. • https://www.exploit-db.com/exploits/40751 http://www.securityfocus.com/bid/92687 http://www.vbulletin.org/forum/showthread.php?t=322848 https://enumerated.wordpress.com/2016/07/11/1 https://github.com/drewlong/vbully • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 4%CPEs: 8EXPL: 2CVE-2016-6483 – vBulletin 5.2.2 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2016-6483
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. La funcionalidad de carga de archivos multimedia en vBulletin en versiones anteriores a 3.8.7 Patch Level 6, 3.8.8 en versiones anteriores a Patch Level 2, 3.8.9 en versiones anteriores a Patch Level 1, 4.x en versiones anteriores a 4.2.2 Patch Level 6, 4.2.3 en versiones anteriores a Patch Level 2, 5.x en versiones anteriores a 5.2.0 Patch Level 3, 5.2.1 en versiones anteriores a Patch Level 1 y 5.2.2 en versiones anteriores a Patch Level 1 permite a atacantes remotos llevar a cabo ataques SSRF a través de una URL manipulada que resulta en un código de estado Redirection HTTP. vBulletin versions 5.2.2 and below, 4.2.3 and below, and 3.8.9 and below suffer from a pre-auth server side request forgery vulnerability. • https://www.exploit-db.com/exploits/40225 http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt http://www.securityfocus.com/bid/92350 http://www.securitytracker.com/id/1036553 http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta http • CWE-918: Server-Side Request Forgery (SSRF) •