Vulnerabilities (CVE)

34 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17132 1 Vbulletin 1 Vbulletin 2019-10-11 6.8
vBulletin through 5.5.4 mishandles custom avatars.
CVE-2019-17131 1 Vbulletin 1 Vbulletin 2019-10-11 4.3
vBulletin before 5.5.4 allows clickjacking.
CVE-2019-17130 1 Vbulletin 1 Vbulletin 2019-10-10 6.4
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
CVE-2019-17271 1 Vbulletin 1 Vbulletin 2019-10-09 4.0
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
CVE-2019-16759 1 Vbulletin 1 Vbulletin 2019-09-26 7.5
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
CVE-2018-15493 1 Vbulletin 1 Vbulletin 2018-11-30 5.8
vBulletin 5.4.3 has an Open Redirect.
CVE-2008-6256 1 Vbulletin 1 Vbulletin 2018-10-11 6.5
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.
CVE-2008-6255 1 Vbulletin 1 Vbulletin 2018-10-11 6.5
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to...
CVE-2008-3184 1 Vbulletin 1 Vbulletin 2018-10-11 4.3
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter,...
CVE-2008-2744 1 Vbulletin 1 Vbulletin 2018-10-11 4.3
Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin...
CVE-2008-2460 1 Vbulletin 1 Vbulletin 2018-10-11 7.5
SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action.
CVE-2018-6200 1 Vbulletin 1 Vbulletin 2018-02-08 5.8
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
CVE-2017-17671 1 Vbulletin 1 Vbulletin 2018-01-02 7.5
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../...
CVE-2017-17672 1 Vbulletin 1 Vbulletin 2018-01-02 7.5
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's...
CVE-2008-4706 1 Vbulletin 1 Vbgooglemap 2017-09-29 7.5
SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php.
CVE-2015-3419 1 Vbulletin 1 Vbulletin 2017-09-26 4.0
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
CVE-2014-9438 1 Vbulletin 1 Vbulletin 2017-09-08 6.8
Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser...
CVE-2014-8670 1 Vbulletin 1 Vbulletin 2017-09-08 5.8
Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE-2016-6483 1 Vbulletin 1 Vbulletin 2017-09-03 5.0
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1,...
CVE-2014-9469 1 Vbulletin 1 Vbulletin 2017-09-01 4.3
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3.