Summary
Detail | | | |
---|---|---|---|
Vendor | Vbulletin | First view | 2008-05-27 |
Product | Vbulletin | Last view | 2023-09-16 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
5.4 | 2023-09-16 | CVE-2023-39777 | A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. |
9.8 | 2023-02-03 | CVE-2023-25135 | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1. |
9.8 | 2020-10-30 | CVE-2020-7373 | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability. |
4.8 | 2020-09-03 | CVE-2020-25124 | The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. |
4.8 | 2020-09-03 | CVE-2020-25123 | The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. |
4.8 | 2020-09-03 | CVE-2020-25122 | The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. |
4.8 | 2020-09-03 | CVE-2020-25121 | The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. |
4.8 | 2020-09-03 | CVE-2020-25120 | The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. |
4.8 | 2020-09-03 | CVE-2020-25119 | The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. |
4.8 | 2020-09-03 | CVE-2020-25118 | The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. |
4.8 | 2020-09-03 | CVE-2020-25117 | The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. |
4.8 | 2020-09-03 | CVE-2020-25116 | The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. |
4.8 | 2020-09-03 | CVE-2020-25115 | The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. |
9.8 | 2020-08-12 | CVE-2020-17496 | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. |
9.8 | 2020-05-08 | CVE-2020-12720 | vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. |
4.9 | 2019-10-08 | CVE-2019-17271 | vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. |
9.8 | 2019-10-04 | CVE-2019-17132 | vBulletin through 5.5.4 mishandles custom avatars. |
4.3 | 2019-10-04 | CVE-2019-17131 | vBulletin before 5.5.4 allows clickjacking. |
6.5 | 2019-10-04 | CVE-2019-17130 | vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. |
9.8 | 2019-09-24 | CVE-2019-16759 | vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. |
6.1 | 2018-10-17 | CVE-2018-15493 | vBulletin 5.4.3 has an Open Redirect. |
6.1 | 2018-01-24 | CVE-2018-6200 | vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. |
9.8 | 2017-12-13 | CVE-2017-17672 | In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates. |
9.8 | 2017-12-13 | CVE-2017-17671 | vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. |
6.5 | 2017-09-19 | CVE-2015-3419 | vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
39% (18) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
21% (10) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
8% (4) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
8% (4) | CWE-20 | Improper Input Validation |
4% (2) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
4% (2) | CWE-502 | Deserialization of Untrusted Data |
2% (1) | CWE-552 | Files or Directories Accessible to External Parties |
2% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
2% (1) | CWE-306 | Missing Authentication for Critical Function |
2% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
2% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
2% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-63 | Simple Script Injection |
CAPEC-73 | User-Controlled Filename |
CAPEC-81 | Web Logs Tampering |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS) in HTTP Headers |
CAPEC-104 | Cross Zone Scripting |
SAINT Exploits
Description | Link |
---|---|
vBulletin subWidgets command execution | More info here |
vBulletin remote command execution via the widgetConfig[code] parameter | More info here |
vBulletin decodeArguments serialized object vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
52279 | vBulletin admincp/image.php iperm Parameter SQL Injection |
49921 | vBulletin admincp/attachmentpermission.php extension Parameter SQL Injection |
49920 | vBulletin admincp/verify.php answer Parameter SQL Injection |
49907 | vBulletin admincp/admincalendar.php holidayinfo[recurring] Parameter SQL Inje... |
47591 | vBulletin Private Message Subject Field XSS |
46937 | vBulletin Debug Mode Unspecified XSS |
46936 | vBulletin admincp/faq.php Injection adminlog.php XSS |
46185 | vBulletin Unspecified XSS |
45736 | vBulletin faq.php q Parameter SQL Injection |
OpenVAS Exploits
Date | Name | File |
---|---|---|
2009-03-10 | vBulletin 'admincalendar.php' SQL Injection Vulnerability | nvt/vBulletin_3_7_3_pl1_sql_injection.nasl |
2009-03-10 | VBulletin 3.7.4 multiple SQL Injection Vulnerability | nvt/vBulletin_3_7_4_multiple_sql_injection.nasl |
Snort® IPS/IDS
Date | Description | RuleID | Type | Revision |
---|---|---|---|---|
2020-09-15 | vBulletin template rendering arbitrary PHP code execution attempt | 54768 | SERVER-WEBAPP | 2 |
2020-09-15 | vBulletin template rendering arbitrary PHP code execution attempt | 54767 | SERVER-WEBAPP | 2 |
2019-11-15 | vBulletin pre-authenticated command injection attempt | 51837 | SERVER-WEBAPP | 3 |
2019-11-15 | vBulletin pre-authenticated command injection attempt | 51836 | SERVER-WEBAPP | 3 |
2019-11-15 | vBulletin pre-authenticated command injection attempt | 51835 | SERVER-WEBAPP | 3 |
2019-11-15 | vBulletin pre-authenticated command injection attempt | 51834 | SERVER-WEBAPP | 3 |
2019-11-15 | vBulletin pre-authenticated command injection attempt | 51833 | SERVER-WEBAPP | 3 |
2019-11-12 | vBulletin updateAvatar PHP remote code execution attempt | 51818 | SERVER-WEBAPP | 1 |
2019-11-12 | vBulletin updateAvatar PHP remote code execution attempt | 51817 | SERVER-WEBAPP | 1 |
2019-11-12 | vBulletin updateAvatar PHP remote code execution attempt | 51816 | SERVER-WEBAPP | 1 |
2019-11-12 | vBulletin SQL injection attempt | 51813 | SERVER-WEBAPP | 1 |
2019-11-12 | vBulletin SQL injection attempt | 51812 | SERVER-WEBAPP | 1 |
2019-11-12 | vBulletin SQL injection attempt | 51811 | SERVER-WEBAPP | 1 |
2019-11-12 | vBulletin SQL injection attempt | 51810 | SERVER-WEBAPP | 1 |
2019-11-12 | vBulletin SQL injection attempt | 51809 | SERVER-WEBAPP | 1 |
2019-11-12 | vBulletin SQL injection attempt | 51808 | SERVER-WEBAPP | 1 |
2019-10-29 | vBulletin pre-authenticated command injection attempt | 51621 | SERVER-WEBAPP | 4 |
2019-10-29 | vBulletin pre-authenticated command injection attempt | 51620 | SERVER-WEBAPP | 4 |
2016-03-14 | vBulletin decodeArguments PHP object injection attempt | 36763 | SERVER-WEBAPP | 2 |